Windows Analysis Report
Minet.exe

Overview

General Information

Sample name: Minet.exe
Analysis ID: 1575623
MD5: 266dab6809fcc7a59f79a36edfff6682
SHA1: ab0b69adea1fffa3f35705db40c9b4531624ea84
SHA256: 72f1513b6c29378f8e7cb14a727ccdea12f1581ebcb84a2a5dd7da8a2b70cc6d
Tags: exe, NjRAT, user-lontze7

Detection

Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Creates autostart registry keys with suspicious names
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Sigma detected: New RUN Key Pointing to Suspicious Folder
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Minet.exe (PID: 3776 cmdline: "C:\Users\user\Desktop\Minet.exe" MD5: 266DAB6809FCC7A59F79A36EDFFF6682)
    • server.exe (PID: 2984 cmdline: "C:\Users\user\AppData\Local\Temp\server.exe" MD5: 266DAB6809FCC7A59F79A36EDFFF6682)
      • netsh.exe (PID: 5236 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 1996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • server.exe (PID: 3364 cmdline: "C:\Users\user\AppData\Local\Temp\server.exe" .. MD5: 266DAB6809FCC7A59F79A36EDFFF6682)
  • server.exe (PID: 6804 cmdline: "C:\Users\user\AppData\Local\Temp\server.exe" .. MD5: 266DAB6809FCC7A59F79A36EDFFF6682)
  • server.exe (PID: 2328 cmdline: "C:\Users\user\AppData\Local\Temp\server.exe" .. MD5: 266DAB6809FCC7A59F79A36EDFFF6682)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat
{"Host": "learn-rage.gl.at.ply.gg", "Port": "27556", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "server.exe", "Install Dir": "TEMP"}
Source | Rule | Description | Author | Strings
Minet.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
Minet.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x64c1:$a1: get_Registry
  • 0x7f06:$a3: Download ERROR
  • 0x81f8:$a5: netsh firewall delete allowedprogram "
Minet.exe | njrat1 | Identify njRat | Brian Wallace @botnet_hunter
  • 0x80ee:$a1: netsh firewall add allowedprogram
  • 0x82e8:$b1: [TAP]
  • 0x828e:$b2: & exit
  • 0x825a:$c1: md.exe /k ping 0 & del
Minet.exe | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
  • 0x81f8:$s1: netsh firewall delete allowedprogram
  • 0x80ee:$s2: netsh firewall add allowedprogram
  • 0x8258:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
  • 0x7ee2:$s4: Execute ERROR
  • 0x7f42:$s4: Execute ERROR
  • 0x7f06:$s5: Download ERROR
  • 0x829e:$s6: [kl]

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\server.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
C:\Users\user\AppData\Local\Temp\server.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x64c1:$a1: get_Registry
  • 0x7f06:$a3: Download ERROR
  • 0x81f8:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Local\Temp\server.exe | njrat1 | Identify njRat | Brian Wallace @botnet_hunter
  • 0x80ee:$a1: netsh firewall add allowedprogram
  • 0x82e8:$b1: [TAP]
  • 0x828e:$b2: & exit
  • 0x825a:$c1: md.exe /k ping 0 & del
C:\Users\user\AppData\Local\Temp\server.exe | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
  • 0x81f8:$s1: netsh firewall delete allowedprogram
  • 0x80ee:$s2: netsh firewall add allowedprogram
  • 0x8258:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
  • 0x7ee2:$s4: Execute ERROR
  • 0x7f42:$s4: Execute ERROR
  • 0x7f06:$s5: Download ERROR
  • 0x829e:$s6: [kl]
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security

Source | Rule | Description | Author | Strings
00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x62c1:$a1: get_Registry
  • 0x7d06:$a3: Download ERROR
  • 0x7ff8:$a5: netsh firewall delete allowedprogram "
00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp | njrat1 | Identify njRat | Brian Wallace @botnet_hunter
  • 0x7eee:$a1: netsh firewall add allowedprogram
  • 0x80e8:$b1: [TAP]
  • 0x808e:$b2: & exit
  • 0x805a:$c1: md.exe /k ping 0 & del
00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
Process Memory Space: Minet.exe PID: 3776 | JoeSecurity_Njrat | Yara detected Njrat | Joe Security

Source | Rule | Description | Author | Strings
0.0.Minet.exe.c0000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
0.0.Minet.exe.c0000.0.unpack | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x64c1:$a1: get_Registry
  • 0x7f06:$a3: Download ERROR
  • 0x81f8:$a5: netsh firewall delete allowedprogram "
0.0.Minet.exe.c0000.0.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter
  • 0x80ee:$a1: netsh firewall add allowedprogram
  • 0x82e8:$b1: [TAP]
  • 0x828e:$b2: & exit
  • 0x825a:$c1: md.exe /k ping 0 & del
0.0.Minet.exe.c0000.0.unpack | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
  • 0x81f8:$s1: netsh firewall delete allowedprogram
  • 0x80ee:$s2: netsh firewall add allowedprogram
  • 0x8258:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
  • 0x7ee2:$s4: Execute ERROR
  • 0x7f42:$s4: Execute ERROR
  • 0x7f06:$s5: Download ERROR
  • 0x829e:$s6: [kl]

System Summary

Source: Registry Key set, Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing, Data: Details: "C:\Users\user\AppData\Local\Temp\server.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\server.exe, ProcessId: 2984, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e456603c650484e45e47269f670d15a9
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: "C:\Users\user\AppData\Local\Temp\server.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\server.exe, ProcessId: 2984, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e456603c650484e45e47269f670d15a9
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\server.exe, ProcessId: 2984, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: "C:\Users\user\AppData\Local\Temp\server.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\server.exe, ProcessId: 2984, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\e456603c650484e45e47269f670d15a9
                2024-12-16T07:23:48.605990+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:49.566903+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:50.047441+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:50.167527+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:50.288576+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:50.408727+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:50.649171+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:50.769201+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:51.616309+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:52.340135+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:52.579956+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:53.420201+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:54.140325+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:54.380542+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:54.740366+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:55.100424+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:23:56.782385+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:00.866230+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:00.986023+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:02.353898+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:02.593554+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:03.023903+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:03.143731+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:03.362236+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:03.961449+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:04.924723+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:05.046909+010028255641Malware Command and Control Activity Detected192.168.2.849985147.185.221.2227556TCP
                2024-12-16T07:24:08.313915+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:08.434571+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:08.973059+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:09.867806+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:11.764889+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:11.884788+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:12.138227+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:12.258353+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:12.990032+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:14.498610+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:14.618504+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:15.339711+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:16.302206+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:17.142288+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:17.502382+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:17.862267+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:18.103275+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:18.944300+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:20.506765+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:22.194822+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:22.434663+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:22.674520+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:22.794646+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:23.517156+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:23.636928+010028255641Malware Command and Control Activity Detected192.168.2.849986147.185.221.2227556TCP
                2024-12-16T07:24:32.946631+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:33.066614+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:33.352307+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:33.472276+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:34.025386+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:34.624863+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:35.359357+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:35.974541+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:36.094467+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:36.619044+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:37.818383+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:38.537101+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:38.656906+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:38.776767+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:39.224813+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:39.344759+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:39.464652+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:42.255603+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:43.236416+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:43.358095+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:43.612775+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:43.735798+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:43.960386+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:44.080892+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:44.201958+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:44.618687+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:44.739468+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:44.965932+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                2024-12-16T07:24:45.087731+010028255641Malware Command and Control Activity Detected192.168.2.849987147.185.221.2227556TCP
                Timestamp                        SID      Severity  Classtype                                      Source IP    Source Port  Destination IP  Destination Port  Protocol
                2024-12-16T07:20:55.801206+0100  2825563  1         Malware Command and Control Activity Detected  192.168.2.8  49708        147.185.221.22  27556             TCP
                2024-12-16T07:21:19.720916+0100  2825563  1         Malware Command and Control Activity Detected  192.168.2.8  49713        147.185.221.22  27556             TCP
                2024-12-16T07:21:43.764477+0100  2825563  1         Malware Command and Control Activity Detected  192.168.2.8  49731        147.185.221.22  27556             TCP


                AV Detection

                Source: Minet.exe; Avira: detected
                Source: C:\Users\user\AppData\Local\Temp\server.exe; Avira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe; Avira: detection malicious, Label: TR/ATRAPS.Gen
                Source: 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp; Malware Configuration Extractor: Njrat {"Host": "learn-rage.gl.at.ply.gg", "Port": "27556", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "server.exe", "Install Dir": "TEMP"}
                Source: C:\Users\user\AppData\Local\Temp\server.exe; ReversingLabs: Detection: 92%
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe; ReversingLabs: Detection: 92%
                Source: Minet.exe; ReversingLabs: Detection: 92%
                Source: Yara match; File source: Minet.exe, type: SAMPLE
                Source: Yara match; File source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match; File source: 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: Minet.exe PID: 3776, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: server.exe PID: 2984, type: MEMORYSTR
                Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED
                Source: Submited Sample; Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\AppData\Local\Temp\server.exe; Joe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe; Joe Sandbox ML: detected
                Source: Minet.exe; Joe Sandbox ML: detected
                Source: Minet.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\Minet.exe; File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                Source: Minet.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Minet.exe, 00000000.00000002.1743023608.00000000026E1000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: autorun.inf
                Source: Minet.exe, 00000000.00000002.1743023608.00000000026E1000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: [autorun]
                Source: Minet.exe, 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: autorun.inf
                Source: Minet.exe, 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: [autorun]
                Source: server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: autorun.inf
                Source: server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: [autorun]
                Source: Minet.exe; Binary or memory string: autorun.inf
                Source: Minet.exe; Binary or memory string: [autorun]
                Source: server.exe.0.dr; Binary or memory string: autorun.inf
                Source: server.exe.0.dr; Binary or memory string: [autorun]
                Source: e456603c650484e45e47269f670d15a9.exe.2.dr; Binary or memory string: autorun.inf
                Source: e456603c650484e45e47269f670d15a9.exe.2.dr; Binary or memory string: [autorun]

                Networking

                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49708 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49708 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.8:49708 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49713 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49713 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.8:49713 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49708 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49713 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49731 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49785 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49785 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49731 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49785 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49785 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49840 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49840 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.8:49731 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49840 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49731 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49840 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49731 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49896 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49896 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49896 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49952 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49952 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49896 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49952 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49985 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49985 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49952 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49985 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49986 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49986 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49986 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.8:49987 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.8:49987 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.8:49987 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49985 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49986 -> 147.185.221.22:27556
                Source: Network traffic; Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.8:49987 -> 147.185.221.22:27556
                Source: global traffic; TCP traffic: 192.168.2.8:49708 -> 147.185.221.22:27556
                Source: Joe Sandbox View; IP Address: 147.185.221.22
                Source: Joe Sandbox View; ASN Name: SALSGIVERUS
                Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic; DNS traffic detected: DNS query: learn-rage.gl.at.ply.gg
                Source: server.exe, 00000002.00000002.4132890159.00000000005F8000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: http://go.microsoft.
                Source: server.exe, 00000002.00000002.4132890159.00000000005F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.LinkId=42127
                Source: Minet.exe, server.exe.0.dr, e456603c650484e45e47269f670d15a9.exe.2.drString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: Minet.exe, kl.cs, .Net Code: VKCodeToUnicode
                Source: server.exe.0.dr, kl.cs, .Net Code: VKCodeToUnicode
                Source: e456603c650484e45e47269f670d15a9.exe.2.dr, kl.cs, .Net Code: VKCodeToUnicode

                E-Banking Fraud

                Source: Yara match, File source: Minet.exe, type: SAMPLE
                Source: Yara match, File source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match, File source: 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: Minet.exe PID: 3776, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: server.exe PID: 2984, type: MEMORYSTR
                Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
                Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED

                System Summary

                Source: Minet.exe, type: SAMPLE, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
                Source: Minet.exe, type: SAMPLE, Matched rule: Identify njRat, Author: Brian Wallace @botnet_hunter
                Source: Minet.exe, type: SAMPLE, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
                Source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
                Source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE, Matched rule: Identify njRat, Author: Brian Wallace @botnet_hunter
                Source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
                Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
                Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Identify njRat, Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Identify njRat, Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED, Matched rule: Identify njRat, Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Process Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_0093B836 NtQuerySystemInformation,2_2_0093B836
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_0093B7FB NtQuerySystemInformation,2_2_0093B7FB
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00932E46 2_2_00932E46
                Source: Minet.exe, 00000000.00000002.1742443237.00000000005AE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamemscorwks.dllT vs Minet.exe
                Source: Minet.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: Minet.exe, type: SAMPLE, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: Minet.exe, type: SAMPLE, Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: Minet.exe, type: SAMPLE, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE, Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY, Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED, Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: classification engine, Classification label: mal100.troj.adwa.spyw.evad.winEXE@9/7@1/1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_0093B5F6 AdjustTokenPrivileges,2_2_0093B5F6
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_0093B5BF AdjustTokenPrivileges,2_2_0093B5BF
                Source: C:\Users\user\Desktop\Minet.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Minet.exe.log
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Mutant created: NULL
                Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1996:120:WilError_03
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Mutant created: \Sessions\1\BaseNamedObjects\e456603c650484e45e47269f670d15a9
                Source: C:\Users\user\Desktop\Minet.exe, File created: C:\Users\user\AppData\Local\Temp\server.exe
                Source: Minet.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: Minet.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Users\user\Desktop\Minet.exe, File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\Minet.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: Minet.exe, ReversingLabs: Detection: 92%
                Source: C:\Users\user\Desktop\Minet.exe, File read: C:\Users\user\Desktop\Minet.exe
                Source: unknown, Process created: C:\Users\user\Desktop\Minet.exe "C:\Users\user\Desktop\Minet.exe"
                Source: C:\Users\user\Desktop\Minet.exe, Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe"
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
                Source: C:\Windows\SysWOW64\netsh.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe" ..
                Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe" ..
                Source: unknown, Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe" ..
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32
                Source: C:\Users\user\AppData\Local\Temp\server.exe, File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
                Source: Minet.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: C:\Users\user\Desktop\Minet.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                Source: Minet.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Data Obfuscation

                Source: Minet.exe, OK.cs, .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: server.exe.0.dr, OK.cs, .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: e456603c650484e45e47269f670d15a9.exe.2.dr, OK.cs, .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00CA2 push ebx; ret 2_2_00B00CD1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00D22 push ebx; ret 2_2_00B00D71
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B007AC push edx; ret 2_2_00B007B9
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00C2F push ecx; ret 2_2_00B00CA1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00710 push edx; ret 2_2_00B00711
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00D92 push ebx; ret 2_2_00B00DC1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00E82 push ebx; ret 2_2_00B00EB1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00A04 push ecx; ret 2_2_00B00A11
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00D87 push ecx; ret 2_2_00B00D91
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B0000C push edi; ret 2_2_00B00051
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00CF2 push ebx; ret 2_2_00B00D21
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00E75 push ecx; ret 2_2_00B00E81
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B0077B push ecx; ret 2_2_00B00789
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B008E8 push ecx; ret 2_2_00B008E9
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B00CEB push ecx; ret 2_2_00B00CF1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_00B0106E push ebx; ret 2_2_00B01FE1
                Source: C:\Users\user\AppData\Local\Temp\server.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe
                Source: C:\Users\user\Desktop\Minet.exe, File created: C:\Users\user\AppData\Local\Temp\server.exe

                Boot Survival

                Source: C:\Users\user\AppData\Local\Temp\server.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e456603c650484e45e47269f670d15a9
                Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe
                Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe\:Zone.Identifier:$DATA
                Source: C:\Users\user\AppData\Local\Temp\server.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run e456603c650484e45e47269f670d15a9
                Source: C:\Users\user\Desktop\Minet.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\server.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\Minet.exe Memory allocated: A70000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Minet.exe Memory allocated: 26E0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Minet.exe Memory allocated: 46E0000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: AE0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 2760000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 4760000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: B30000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 2780000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 4780000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 1380000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 3030000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 1380000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: CF0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 2AB0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\server.exe Memory allocated: 4AB0000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\Desktop\Minet.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\server.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: threadDelayed 3145
                Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: threadDelayed 1110
                Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: threadDelayed 4068
                Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: foregroundWindowGot 485
                Source: C:\Users\user\AppData\Local\Temp\server.exe Window / User API: foregroundWindowGot 1228
                Source: C:\Users\user\Desktop\Minet.exe TID: 3576 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 5532 Thread sleep count: 3145 > 30
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 2716 Thread sleep count: 1110 > 30
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 2716 Thread sleep time: -1110000s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 2716 Thread sleep count: 4068 > 30
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 2716 Thread sleep time: -4068000s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 3380 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 6256 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 5200 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: server.exe, 00000002.00000002.4132890159.00000000005F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQ
                Source: netsh.exe, 00000003.00000003.1817614917.0000000000741000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Local\Temp\server.exe Process information queried: ProcessInformation
                Source: C:\Users\user\AppData\Local\Temp\server.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\Minet.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: Minet.exe, kl.cs Reference to suspicious API methods: MapVirtualKey(a, 0u)
                Source: Minet.exe, kl.cs Reference to suspicious API methods: GetAsyncKeyState(num2)
                Source: Minet.exe, OK.cs Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
                Source: C:\Users\user\Desktop\Minet.exe Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe"
                Source: server.exe, 00000002.00000002.4133641475.0000000002960000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002BB5000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: program managerL.Wl
                Source: server.exe, 00000002.00000002.4133641475.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002C67000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002960000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                Source: server.exe, 00000002.00000002.4132890159.00000000005BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Rh Program ManagerDH
                Source: server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: program managerL.WlL
                Source: server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: program manager
                Source: server.exe, 00000002.00000002.4133641475.0000000002C8E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: program manager@
                Source: server.exe, 00000002.00000002.4133641475.0000000002960000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager@
                Source: server.exe, 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: program managerL.Wlp
                Source: server.exe, 00000002.00000002.4133641475.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002C67000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4133641475.0000000002960000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager@9Wl
                Source: C:\Users\user\AppData\Local\Temp\server.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\netsh.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\server.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Lowering of HIPS / PFW / Operating System Security Settings

                Source: C:\Users\user\AppData\Local\Temp\server.exe Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE

                Stealing of Sensitive Information

                Source: Yara match File source: Minet.exe, type: SAMPLE
                Source: Yara match File source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Minet.exe PID: 3776, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: server.exe PID: 2984, type: MEMORYSTR
                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
                Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED

                Remote Access Functionality

                Source: Yara match File source: Minet.exe, type: SAMPLE
                Source: Yara match File source: 0.0.Minet.exe.c0000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara match File source: 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: Minet.exe PID: 3776, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: server.exe PID: 2984, type: MEMORYSTR
                Source: Yara match File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
                Source: Yara match File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, type: DROPPED
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                | Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Native API | 221 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Masquerading | 1 Input Capture | 11 Security Software Discovery | Remote Services | 1 Input Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 12 Process Injection | 21 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 221 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 1 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Behavior Graph (ID: 1575623, Sample: Minet.exe, Startdate: 16/12/2024, Architecture: WINDOWS, Score: 100)
• Signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures
• DNS/IP: learn-rage.gl.at.ply.gg
• Minet.exe (started)
  • dropped: C:\Users\user\AppData\Local\Temp\server.exe, PE32
  • dropped: C:\Users\user\...\server.exe:Zone.Identifier, ASCII
  • dropped: C:\Users\user\AppData\Local\...\Minet.exe.log, ASCII
  • started: server.exe
    • DNS/IP: learn-rage.gl.at.ply.gg 147.185.221.22, 27556, 49708, 49713 SALSGIVERUS United States
    • dropped: C:\...\e456603c650484e45e47269f670d15a9.exe, PE32
    • dropped: e456603c650484e45e...exe:Zone.Identifier, ASCII
    • Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; 4 other signatures
    • started: netsh.exe
      • started: conhost.exe
• server.exe (started), three further instances

Source | Detection | Scanner | Label | Link
Minet.exe | 92% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
Minet.exe | 100% | Avira | TR/ATRAPS.Gen |
Minet.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\server.exe | 100% | Avira | TR/ATRAPS.Gen |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe | 100% | Avira | TR/ATRAPS.Gen |
C:\Users\user\AppData\Local\Temp\server.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\server.exe | 92% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe | 92% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
                No Antivirus matches
                No Antivirus matches
Source | Detection | Scanner | Label | Link
http://go.microsoft.LinkId=42127 | 0% | Avira URL Cloud | safe |
http://go.microsoft. | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
learn-rage.gl.at.ply.gg | 147.185.221.22 | true | true | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://go.microsoft. | server.exe, 00000002.00000002.4132890159.00000000005F8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0 | Minet.exe, server.exe.0.dr, e456603c650484e45e47269f670d15a9.exe.2.dr | false | | high
http://go.microsoft.LinkId=42127 | server.exe, 00000002.00000002.4132890159.00000000005F8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
147.185.221.22 | learn-rage.gl.at.ply.gg | United States | | 12087 | SALSGIVERUS | true
                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1575623
                    Start date and time:2024-12-16 07:19:13 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 22s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:12
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Minet.exe
                    Detection:MAL
                    Classification:mal100.troj.adwa.spyw.evad.winEXE@9/7@1/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 161
                    • Number of non-executed functions: 1
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption
                    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                    • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • VT rate limit hit for: Minet.exe
Time | Type | Description
01:21:25 | API Interceptor | 293249x Sleep call for process: server.exe modified
07:20:52 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run e456603c650484e45e47269f670d15a9 "C:\Users\user\AppData\Local\Temp\server.exe" ..
07:21:00 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run e456603c650484e45e47269f670d15a9 "C:\Users\user\AppData\Local\Temp\server.exe" ..
07:21:09 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run e456603c650484e45e47269f670d15a9 "C:\Users\user\AppData\Local\Temp\server.exe" ..
07:21:17 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe
Match | Associated Sample Name / URL | Detection | Threat Name | Context
147.185.221.22 | CVmkXJ7e0a.exe | malicious | SheetRat |
147.185.221.22 | ozgpPwVAu1.exe | malicious | XWorm |
147.185.221.22 | exe003.exe | malicious | XWorm |
147.185.221.22 | OXhiMvksgM.exe | malicious | XWorm |
147.185.221.22 | 7bZWBYVNPU.exe | malicious | XWorm |
147.185.221.22 | BWoiYc9WwI.exe | malicious | XWorm |
147.185.221.22 | fjijTlM2tu.exe | malicious | XWorm |
147.185.221.22 | gPEbJi1xiY.exe | malicious | XWorm |
147.185.221.22 | dHp58IIEYz.exe | malicious | XWorm |
147.185.221.22 | 432mtXKD3l.exe | malicious | XWorm |
                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
SALSGIVERUS | Discordd.exe | malicious | AsyncRAT | 147.185.221.18
SALSGIVERUS | Discord2.exe | malicious | AsyncRAT | 147.185.221.18
SALSGIVERUS | Discord3.exe | malicious | AsyncRAT | 147.185.221.18
SALSGIVERUS | Loader.exe | malicious | AsyncRAT | 147.185.221.20
SALSGIVERUS | 72OWK7wBVH.exe | malicious | XWorm | 147.185.221.24
SALSGIVERUS | aZDwfEKorn.exe | malicious | XWorm | 147.185.221.24
SALSGIVERUS | HdTSntLSMB.exe | malicious | XWorm | 147.185.221.24
SALSGIVERUS | 7laJ4zKd8O.exe | malicious | XWorm | 147.185.221.18
SALSGIVERUS | file.exe | malicious | XWorm | 147.185.221.24
SALSGIVERUS | testingg.exe | malicious | Njrat | 147.185.221.19
                                        No context
                                        No context
                                        Process:C:\Users\user\Desktop\Minet.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:modified
                                        Size (bytes):525
                                        Entropy (8bit):5.259753436570609
                                        Encrypted:false
                                        SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                        MD5:260E01CC001F9C4643CA7A62F395D747
                                        SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                        SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                        SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                        Malicious:true
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                        Process:C:\Users\user\AppData\Local\Temp\server.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):525
                                        Entropy (8bit):5.259753436570609
                                        Encrypted:false
                                        SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                        MD5:260E01CC001F9C4643CA7A62F395D747
                                        SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                        SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                        SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                        Process:C:\Users\user\Desktop\Minet.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):37888
                                        Entropy (8bit):5.573843819764276
                                        Encrypted:false
                                        SSDEEP:384:oGnsiDjT95hL5YyUvZ7vLOw4qYddlrAF+rMRTyN/0L+EcoinblneHQM3epzXPNra:dvv5zUvZ7blYrlrM+rMRa8Nu58t
                                        MD5:266DAB6809FCC7A59F79A36EDFFF6682
                                        SHA1:AB0B69ADEA1FFFA3F35705DB40C9B4531624EA84
                                        SHA-256:72F1513B6C29378F8E7CB14A727CCDEA12F1581EBCB84A2A5DD7DA8A2B70CC6D
                                        SHA-512:4A8B8904023DEB4B31F42BF50CB9D3E5018158A52FDE270DAC933F6978153B9C9BF801093D7AEC22E654C7FF50E57F970DB9B14FFBF4E3E61DF5858AD2830F15
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Joe Security
                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: unknown
                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Brian Wallace @botnet_hunter
                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: ditekSHen
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 92%
                                        Reputation:low
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................ ........@.. ....................................@.................................x...S.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.
                                        Process:C:\Users\user\Desktop\Minet.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Preview:[ZoneTransfer]....ZoneId=0
                                        Process:C:\Users\user\AppData\Local\Temp\server.exe
                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Category:dropped
                                        Size (bytes):37888
                                        Entropy (8bit):5.573843819764276
                                        Encrypted:false
                                        SSDEEP:384:oGnsiDjT95hL5YyUvZ7vLOw4qYddlrAF+rMRTyN/0L+EcoinblneHQM3epzXPNra:dvv5zUvZ7blYrlrM+rMRa8Nu58t
                                        MD5:266DAB6809FCC7A59F79A36EDFFF6682
                                        SHA1:AB0B69ADEA1FFFA3F35705DB40C9B4531624EA84
                                        SHA-256:72F1513B6C29378F8E7CB14A727CCDEA12F1581EBCB84A2A5DD7DA8A2B70CC6D
                                        SHA-512:4A8B8904023DEB4B31F42BF50CB9D3E5018158A52FDE270DAC933F6978153B9C9BF801093D7AEC22E654C7FF50E57F970DB9B14FFBF4E3E61DF5858AD2830F15
                                        Malicious:true
                                        Yara Hits:
                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, Author: Joe Security
                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, Author: unknown
                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, Author: Brian Wallace @botnet_hunter
                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e456603c650484e45e47269f670d15a9.exe, Author: ditekSHen
                                        Antivirus:
                                        • Antivirus: Avira, Detection: 100%
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 92%
                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................ ........@.. ....................................@.................................x...S.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.
                                        Process:C:\Users\user\AppData\Local\Temp\server.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):26
                                        Entropy (8bit):3.95006375643621
                                        Encrypted:false
                                        SSDEEP:3:ggPYV:rPYV
                                        MD5:187F488E27DB4AF347237FE461A079AD
                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                        Malicious:true
                                        Preview:[ZoneTransfer]....ZoneId=0
                                        Process:C:\Windows\SysWOW64\netsh.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):313
                                        Entropy (8bit):4.971939296804078
                                        Encrypted:false
                                        SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                        MD5:689E2126A85BF55121488295EE068FA1
                                        SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                        SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                        SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                        Malicious:false
                                        Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):5.573843819764276
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:Minet.exe
                                        File size:37'888 bytes
                                        MD5:266dab6809fcc7a59f79a36edfff6682
                                        SHA1:ab0b69adea1fffa3f35705db40c9b4531624ea84
                                        SHA256:72f1513b6c29378f8e7cb14a727ccdea12f1581ebcb84a2a5dd7da8a2b70cc6d
                                        SHA512:4a8b8904023deb4b31f42bf50cb9d3e5018158a52fde270dac933f6978153b9c9bf801093d7aec22e654c7ff50e57f970db9b14ffbf4e3e61df5858ad2830f15
                                        SSDEEP:384:oGnsiDjT95hL5YyUvZ7vLOw4qYddlrAF+rMRTyN/0L+EcoinblneHQM3epzXPNra:dvv5zUvZ7blYrlrM+rMRa8Nu58t
                                        TLSH:EA033A4D7FE1816CD5FE057B06B2D01207BBE04B6E23D91E8EE5649A37636C48B50AF2
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......f................................. ........@.. ....................................@................................
                                        Icon Hash:00928e8e8686b000
                                        Entrypoint:0x40abce
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x66E5D2B2 [Sat Sep 14 18:15:14 2024 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xab78 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0x240 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0x8bd4 | 0x8c00 | ad0c62463f499c2b40206e5790ae08b6 | False | 0.4636997767857143 | data | 5.605097336717196 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xc000 | 0x240 | 0x400 | f7ce2f7b506ce16c06c85a549ef2cd98 | False | 0.3134765625 | data | 4.968771659524424 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xe000 | 0xc | 0x200 | fdf7ae43c201b1d7d13e0eef2dedbdcd | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0xc058 | 0x1e7 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.5338809034907598 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
                                        2024-12-16T07:23:24.488905+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:26.051336+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:26.179728+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:27.021605+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:27.501924+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:27.943427+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:28.065321+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:28.730743+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:28.851864+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:28.972228+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:29.092065+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:29.215349+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:29.456605+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:30.665688+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:30.785558+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:30.970775+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:31.091189+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:31.595377+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:32.195044+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:32.195044+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:32.434944+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:33.279787+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:33.768522+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:34.128528+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:34.248692+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:34.488439+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:35.090503+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:36.697452+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:38.917795+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:39.902225+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:41.381480+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849952147.185.221.2227556TCP
                                        2024-12-16T07:23:43.804052+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:43.804052+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:44.285291+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:45.125154+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:45.965268+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:46.445337+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:46.926193+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:47.046030+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:47.766232+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:47.886227+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:48.605990+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:49.566903+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:49.927534+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:50.047441+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:50.167527+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:50.288576+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:50.408727+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:50.649171+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:50.769201+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:51.616309+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:52.340135+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:52.579956+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:52.579956+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:53.420201+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:54.140325+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:54.380542+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:54.620354+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:54.740366+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:55.100424+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:56.662208+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:56.782385+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:23:58.981690+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:00.866230+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:00.986023+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:01.228513+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:02.353898+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:02.593554+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:03.023903+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:03.143731+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:03.362236+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:03.961449+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:04.202541+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:04.924723+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:05.046909+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849985147.185.221.2227556TCP
                                        2024-12-16T07:24:07.833839+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:07.833839+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:08.313915+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:08.434571+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:08.973059+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:09.867806+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:11.764889+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:11.884788+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:12.138227+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:12.258353+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:12.990032+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:13.922020+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:14.498610+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:14.618504+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:15.339711+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:16.302206+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:16.782346+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:17.142288+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:17.502382+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:17.862267+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:18.103275+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:18.944300+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:18.944300+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:20.506765+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:20.986632+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:22.194822+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:22.434663+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:22.674520+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:22.794646+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:23.396463+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:23.517156+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:23.636928+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:25.854003+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:27.830321+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849986147.185.221.2227556TCP
                                        2024-12-16T07:24:31.865537+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:31.865537+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:32.946631+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:33.066614+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:33.352307+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:33.472276+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:34.025386+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:34.624863+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:35.359357+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:35.974541+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:36.094467+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:36.619044+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:37.698630+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:37.818383+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:38.537101+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:38.656906+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:38.776767+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:39.224813+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:39.344759+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:39.464652+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:40.434574+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:41.882321+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:42.255603+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:43.236416+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:43.358095+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:43.612775+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:43.735798+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:43.960386+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:44.080892+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:44.201958+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:44.618687+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:44.739468+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:44.965932+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:45.087731+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.849987147.185.221.2227556TCP
                                        2024-12-16T07:24:45.567803+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.849987147.185.221.2227556TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                        Dec 16, 2024 07:21:58.740256071 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:58.740331888 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:58.860379934 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:58.860465050 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:58.980211020 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:58.980367899 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.100393057 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.100542068 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.220441103 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.220592976 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.340398073 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.340470076 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.460355997 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.460464001 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.580279112 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.580363035 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.700278997 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.700423002 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.820681095 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.822329998 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:21:59.942771912 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:21:59.944710970 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.064681053 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.064949989 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.184731007 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.184799910 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.304560900 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.304661036 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.424541950 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.424873114 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.544601917 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.544680119 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.667210102 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.667320967 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.787071943 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.787123919 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:00.906949043 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:00.907124043 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.026882887 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.026968002 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.146716118 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.146853924 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.266575098 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.266647100 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.386356115 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.386416912 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.506227016 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.507535934 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.627448082 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.628669024 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:01.748406887 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:01.930352926 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.050040007 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.052670002 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.172367096 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.172425985 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.292227983 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.292314053 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.412214041 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.412305117 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.532001972 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.532119036 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.651855946 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.652667046 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.772449017 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.772524118 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:02.892580032 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:02.892666101 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.012434959 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.012514114 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.132263899 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.132375002 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.252185106 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.255111933 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.374886036 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.375598907 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.495371103 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.495434999 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.615330935 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.616966963 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.736721039 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.736802101 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.856509924 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.858843088 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:03.978785992 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:03.978910923 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.098882914 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.098951101 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.219336033 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.219516039 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.339396954 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.339456081 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.460190058 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.462866068 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.582568884 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.582894087 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.702640057 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.702833891 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.822678089 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.822774887 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:04.942569971 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:04.942712069 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.062632084 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.062697887 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.182368994 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.182439089 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.302138090 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.302273989 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.421945095 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.422017097 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.541764021 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.541944027 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.555926085 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.556082010 CET4973127556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:05.661613941 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:05.675796032 CET2755649731147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:07.569138050 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:07.688819885 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:07.688946962 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:07.697712898 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:07.817461967 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:07.817531109 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:07.937272072 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:07.937376976 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.057087898 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.057365894 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.177064896 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.177170038 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.296931028 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.297022104 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.416826963 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.416992903 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.536716938 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.536787987 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.656541109 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.656672955 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.776464939 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.776658058 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:08.897053003 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:08.897146940 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.016853094 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.016930103 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.136636019 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.136703968 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.256472111 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.256594896 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.376383066 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.376523018 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.496361017 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.496480942 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.616277933 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.616374969 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.736555099 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.736629009 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.856439114 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.856568098 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:09.976491928 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:09.976562977 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.096524954 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.096616030 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.217168093 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.217314959 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.337620020 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.337693930 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.459738016 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.480173111 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.599980116 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.600078106 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.720050097 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.872018099 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:10.991890907 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:10.991986990 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.112987041 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.113049984 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.232930899 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.233016968 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.353039026 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.353113890 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.474366903 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.474431038 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.594271898 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.594350100 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.714158058 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.714232922 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.833949089 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.836668968 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:11.956458092 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:11.956643105 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.076375961 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.076482058 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.196358919 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.196594954 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.316447020 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.316638947 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.436444044 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.436528921 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.556457996 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.556662083 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.676794052 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.680685997 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.800518990 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.800615072 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:12.920383930 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:12.920510054 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:13.040297985 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:13.040406942 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:13.160135984 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:13.265595913 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:13.385361910 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:13.385426044 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:13.505151987 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:13.946964025 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.066605091 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.066705942 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.186342001 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.186408997 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.306040049 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.376435041 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.496099949 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.496160030 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.615876913 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.615956068 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.735765934 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.735831022 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.855694056 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.855771065 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:14.975471973 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:14.976629972 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.096478939 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.096600056 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.216352940 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.216573954 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.336262941 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.336366892 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.456146955 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.456657887 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.576455116 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.576612949 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.696402073 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.696474075 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.816191912 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.816263914 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:15.936017036 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:15.936147928 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:16.055882931 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:16.132468939 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:16.252269030 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:16.252407074 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:16.372401953 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:16.745739937 CET4978527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:16.866127014 CET2755649785147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.231376886 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.231518030 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:42.351300001 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.351408005 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:42.472681999 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.472757101 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:42.592720985 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.592839003 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:42.712527037 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.859339952 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:42.978986979 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:42.979233980 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:43.098927975 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:43.099087000 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:43.218717098 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:43.219887972 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:43.339504957 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:43.572614908 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:43.692379951 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:43.694686890 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:43.814580917 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:43.820653915 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:43.940428972 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:43.940574884 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:44.060507059 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:44.060619116 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:44.180365086 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:44.305248976 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:44.424927950 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:44.425023079 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:44.544806957 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.030425072 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.150197983 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.150273085 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.270041943 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.270106077 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.389873028 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.389997959 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.511054993 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.511152983 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.630893946 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.630963087 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.750745058 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.750837088 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.870578051 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.872632980 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:45.992429018 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:45.995326996 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.115083933 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.115176916 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.234869003 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.234947920 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.354665041 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.355031013 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.474777937 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.479449034 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.599208117 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.599273920 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.719019890 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.719630003 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.839354992 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.839437962 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:46.959217072 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:46.959305048 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:47.079123974 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:47.079282999 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:47.199322939 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:47.468358994 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:47.588201046 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:47.703855038 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:47.824266911 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:47.838516951 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:47.959000111 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:47.959290981 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.080959082 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.081168890 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.201718092 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.201792002 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.321568966 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.321703911 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.441602945 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.441673040 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.561846018 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.562439919 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.682271004 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.682677031 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.802541971 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.802665949 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:48.922993898 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:48.923624039 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.043361902 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.043464899 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.163228035 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.163636923 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.283405066 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.283981085 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.404335976 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.404624939 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.524383068 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.526616096 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.688808918 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.688864946 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:49.888993979 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:49.889169931 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:50.133018970 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:50.133147001 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:50.376902103 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:50.377055883 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:50.616897106 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:50.617001057 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:50.860924959 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:50.861047983 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:51.100970984 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:51.101144075 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:51.345027924 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:51.345148087 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:51.588879108 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:51.589324951 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:51.833250999 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:51.833338022 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:52.076850891 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:52.077382088 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:52.324860096 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:52.324937105 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:52.564870119 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:52.565049887 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:52.809942007 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:52.810170889 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:53.054436922 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:53.054636955 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:53.296933889 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:53.297527075 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:53.541807890 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:53.542085886 CET4984027556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:53.639374971 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:53.663337946 CET2755649840147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:55.646374941 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:55.766211987 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:55.766311884 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:55.769563913 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:55.889271975 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:55.889410973 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.009227991 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.009386063 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.129266977 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.129348993 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.249355078 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.249428034 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.369261026 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.369345903 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.489360094 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.489763021 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.610105991 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.638792992 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.758570910 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.758698940 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:56.878484964 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:56.880583048 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.000303030 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.000544071 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.120699883 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.120795965 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.240679026 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.240962982 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.360815048 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.363105059 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.483158112 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.484600067 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.604285002 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.604363918 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.724126101 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.728611946 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.848464012 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.849410057 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:57.969234943 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:57.969300032 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.089077950 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.089225054 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.209043980 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.209142923 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.329008102 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.329183102 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.449354887 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.449533939 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.569348097 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.569448948 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.689189911 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.689273119 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.809094906 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.809165955 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:58.928931952 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:58.932559967 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.052323103 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.052619934 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.172477961 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.176595926 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.296422958 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.296546936 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.416280031 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.416390896 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.536153078 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.536331892 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.656177998 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.656527996 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.776279926 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.776402950 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:22:59.896106005 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:22:59.896194935 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.016069889 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.016134024 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.137151957 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.137382030 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.257431984 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.257556915 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.377430916 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.377531052 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.497308016 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.497383118 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.617182016 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.617244959 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.737040043 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.737169981 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.857090950 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.857240915 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:00.977092028 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:00.977176905 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.097059965 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.097219944 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.217240095 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.217313051 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.337188959 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.337325096 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.457195044 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.457269907 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.577117920 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.577184916 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.696938992 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.697083950 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.816844940 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.816983938 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:01.938565969 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:01.938648939 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:02.058696032 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:02.058779955 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:02.179725885 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:02.179843903 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:02.299639940 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:02.299721003 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:02.419790983 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:02.994297981 CET4989627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:03.114187956 CET2755649896147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:27.744574070 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:27.864451885 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:27.943427086 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:28.065215111 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:28.065320969 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:28.185398102 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:28.730742931 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:28.851676941 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:28.851864100 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:28.971688986 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:28.972228050 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.091949940 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.092065096 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.211788893 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.215348959 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.335143089 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.336580038 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.456402063 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.456604958 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.576414108 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.580512047 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.701029062 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.704612970 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.824409008 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.824985981 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:29.944745064 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:29.944829941 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.064564943 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.064851999 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.184575081 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.184927940 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.305782080 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.305900097 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.425890923 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.426068068 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.545747042 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.545895100 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.665623903 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.665688038 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.785500050 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.785557985 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:30.905422926 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:30.970774889 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:31.091116905 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:31.091188908 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:31.210983992 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:31.595376968 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:31.715138912 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:31.715234041 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:31.834927082 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:31.835087061 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:31.954860926 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:31.955010891 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.074852943 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.074918985 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.194642067 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.195044041 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.314867020 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.314939976 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.434864998 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.434943914 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.554706097 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.554971933 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.674806118 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.674890041 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:32.794707060 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:32.794855118 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.031152964 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.036184072 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.159517050 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.159953117 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.279629946 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.279787064 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.399580956 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.399755001 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.520975113 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.526185036 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.645879984 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.648533106 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.768254995 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.768522024 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:33.888251066 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:33.888535976 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.008482933 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.008593082 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.128452063 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.128528118 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.248420000 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.248692036 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.368452072 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.368575096 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.488306999 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.488439083 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.608541012 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.608728886 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.728629112 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.728907108 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.848695040 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.848850012 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:34.968565941 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:34.969536066 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:35.089607954 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:35.090502977 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:35.254409075 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:35.255340099 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:35.461590052 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:35.462739944 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:35.709485054 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:35.710963011 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:35.957381964 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:35.957503080 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:36.205722094 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:36.205902100 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:36.453402996 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:36.453495979 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:36.697360039 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:36.697452068 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:36.941345930 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:36.941483021 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:37.185539007 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:37.185625076 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:37.433389902 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:37.433572054 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:37.681484938 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:37.681648016 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:37.929430008 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:37.929555893 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:38.177345991 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:38.177504063 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:38.421742916 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:38.422276020 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:38.669435978 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:38.669703007 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:38.917506933 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:38.917794943 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:39.165458918 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:39.165688038 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:39.413400888 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:39.413489103 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:39.657344103 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:39.657440901 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:39.901515007 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:39.902225018 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:40.149529934 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:40.151338100 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:40.397407055 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:40.398668051 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:40.645389080 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:40.645468950 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:40.889508009 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:40.892503977 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:41.137412071 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:41.137581110 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:41.381386042 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:41.381479979 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:41.626492023 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:41.626900911 CET4995227556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:41.674329042 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:41.746591091 CET2755649952147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:43.677524090 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:43.797660112 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:43.797812939 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:43.804052114 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:43.924554110 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:43.924647093 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.045253038 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.045391083 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.165318966 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.165378094 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.285219908 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.285290956 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.405141115 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.405280113 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.525202990 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.525274992 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.645108938 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.645282030 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.765064955 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.765209913 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:44.885087967 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:44.885231972 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.005038977 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.005122900 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.125093937 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.125154018 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.245042086 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.245125055 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.365039110 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.365197897 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.485119104 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.485300064 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.605150938 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.605298996 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.725328922 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.725408077 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.845211029 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.845330954 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:45.965203047 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:45.965267897 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.085094929 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.085238934 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.205148935 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.205276966 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.325129032 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.325201035 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.445257902 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.445337057 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.565943956 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.566102028 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.685977936 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.686105967 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.805979013 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.806052923 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:46.926139116 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:46.926192999 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.045962095 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.046030045 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.166068077 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.166182995 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.286338091 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.286458015 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.406722069 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.406860113 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.526492119 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.526618004 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.646306992 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.646382093 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.766159058 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.766232014 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:47.886104107 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:47.886226892 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.005960941 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.006056070 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.125972033 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.126113892 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.245847940 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.245984077 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.365691900 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.365781069 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.485784054 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.485873938 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.605911970 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.605989933 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.725945950 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.726054907 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.845921993 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.846105099 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:48.966701984 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:48.966798067 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:23:49.086709976 CET2755649985147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:23:49.086904049 CET4998527556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:15.339710951 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:15.459476948 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:15.459553957 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:15.579374075 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:15.579536915 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:15.700376987 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:15.700562954 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:15.820458889 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:15.820636988 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:15.940465927 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:15.940581083 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.061151981 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.062000036 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.182152987 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.182229042 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.302102089 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.302206039 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.422046900 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.422193050 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.542097092 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.542179108 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.662071943 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.662190914 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.782218933 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.782346010 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:16.902287960 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:16.902441025 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.022275925 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.022362947 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.142190933 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.142287970 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.262090921 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.262176037 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.382044077 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.382217884 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.502137899 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.502382040 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.622165918 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.622354984 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.742089987 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.742310047 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.862198114 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.862267017 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:17.982969999 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:17.983055115 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.103096962 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.103275061 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.223237038 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.223517895 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.343441010 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.343599081 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.463548899 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.463814020 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.583720922 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.584129095 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.704044104 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.704227924 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.824295998 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.824374914 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:18.944166899 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:18.944299936 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.065253019 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.065426111 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.185249090 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.185745955 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.305697918 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.305847883 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.425817966 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.426013947 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.545977116 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.546277046 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.665997028 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.666112900 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.785839081 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.785926104 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:19.905668020 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:19.906120062 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.025929928 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.026113033 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.146070004 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.146596909 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.266504049 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.266654968 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.386661053 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.386966944 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.506709099 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.506764889 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.626532078 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.626723051 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.746562004 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.746707916 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.866446972 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.866575003 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:20.986305952 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:20.986632109 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.106620073 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.106690884 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.226485014 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.226640940 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.346427917 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.346515894 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.473556042 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.473740101 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.593564034 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.593693972 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.713424921 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.713501930 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.833266020 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.833555937 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:21.954730034 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:21.954871893 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.074661970 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.074736118 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.194638968 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.194822073 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.314654112 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.314789057 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.434602022 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.434663057 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.554496050 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.554568052 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.674310923 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.674520016 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.794367075 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.794646025 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:22.914391041 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:22.914475918 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.034249067 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.034508944 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.154290915 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.154599905 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.274267912 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.276551962 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.396306992 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.396462917 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.517019033 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.517155886 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.636878967 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.636928082 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.756750107 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.756915092 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:23.876602888 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:23.880522013 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:24.000322104 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:24.000456095 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:24.162029982 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:24.162190914 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:24.375608921 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:24.375730038 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:24.621795893 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:24.621967077 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:24.865976095 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:24.866111040 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:25.113964081 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:25.114044905 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:25.357898951 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:25.358120918 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:25.605945110 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:25.606162071 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:25.853777885 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:25.854002953 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:26.097791910 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:26.097922087 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:26.341824055 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:26.342025995 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:26.586585045 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:26.586693048 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:26.833899975 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:26.834131956 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:27.082269907 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:27.082345963 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:27.330105066 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:27.330285072 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:27.581970930 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:27.582050085 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:27.829916954 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:27.830321074 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:28.077867031 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:28.078083038 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:28.325823069 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:28.325944901 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:28.570040941 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:28.570194006 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:28.817819118 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:28.817900896 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:29.062002897 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:29.062097073 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:29.310134888 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:29.310256958 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:29.557966948 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:29.558105946 CET4998627556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:29.722578049 CET2755649986147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:31.740235090 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:31.860192060 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:31.860315084 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:31.865536928 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:31.985445023 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:31.985517979 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.106884003 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.107016087 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.226912975 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.227015972 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.346831083 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.346910954 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.466712952 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.466845036 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.586764097 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.586838961 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.706630945 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.706744909 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.826515913 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.826664925 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:32.946554899 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:32.946630955 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:33.066544056 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:33.066613913 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:33.186439991 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:33.352307081 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:33.472198963 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:33.472275972 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:33.592246056 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.025386095 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.145230055 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.145298004 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.265083075 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.265192032 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.385050058 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.385152102 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.504914045 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.504997015 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.624788046 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.624862909 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.747370005 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.747509956 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.867403030 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.867553949 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:34.987507105 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:34.987615108 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.107613087 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:35.107717037 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.227607012 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:35.227677107 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.347604036 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:35.359357119 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.479172945 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:35.479273081 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.599045038 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:35.599198103 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.719016075 CET2755649987147.185.221.22192.168.2.8
                                        Dec 16, 2024 07:24:35.719146967 CET4998727556192.168.2.8147.185.221.22
                                        Dec 16, 2024 07:24:35.838926077 CET2755649987147.185.221.22192.168.2.8
                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                        Dec 16, 2024 07:20:55.172748089 CET | 54585 | 53 | 192.168.2.8 | 1.1.1.1
                                        Dec 16, 2024 07:20:55.440257072 CET | 53 | 54585 | 1.1.1.1 | 192.168.2.8

                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Dec 16, 2024 07:20:55.172748089 CET | 192.168.2.8 | 1.1.1.1 | 0xca73 | Standard query (0) | learn-rage.gl.at.ply.gg | A (IP address) | IN (0x0001) | false

                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Dec 16, 2024 07:20:55.440257072 CET | 1.1.1.1 | 192.168.2.8 | 0xca73 | No error (0) | learn-rage.gl.at.ply.gg |  | 147.185.221.22 | A (IP address) | IN (0x0001) | false


                                        Target ID:0
                                        Start time:01:20:39
                                        Start date:16/12/2024
                                        Path:C:\Users\user\Desktop\Minet.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\Desktop\Minet.exe"
                                        Imagebase:0xc0000
                                        File size:37'888 bytes
                                        MD5 hash:266DAB6809FCC7A59F79A36EDFFF6682
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                        • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1674915520.00000000000C2000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
                                        Reputation:low
                                        Has exited:true

                                        Target ID:2
                                        Start time:01:20:45
                                        Start date:16/12/2024
                                        Path:C:\Users\user\AppData\Local\Temp\server.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\Temp\server.exe"
                                        Imagebase:0x170000
                                        File size:37'888 bytes
                                        MD5 hash:266DAB6809FCC7A59F79A36EDFFF6682
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000002.00000002.4133641475.0000000002761000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Joe Security
                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: unknown
                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Brian Wallace @botnet_hunter
                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: ditekSHen
                                        Antivirus matches:
                                        • Detection: 100%, Avira
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 92%, ReversingLabs
                                        Reputation:low
                                        Has exited:false

                                        Target ID:3
                                        Start time:01:20:52
                                        Start date:16/12/2024
                                        Path:C:\Windows\SysWOW64\netsh.exe
                                        Wow64 process (32bit):true
                                        Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
                                        Imagebase:0x15c0000
                                        File size:82'432 bytes
                                        MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:4
                                        Start time:01:20:52
                                        Start date:16/12/2024
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff6ee680000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:8
                                        Start time:01:21:00
                                        Start date:16/12/2024
                                        Path:C:\Users\user\AppData\Local\Temp\server.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\Temp\server.exe" ..
                                        Imagebase:0x1a0000
                                        File size:37'888 bytes
                                        MD5 hash:266DAB6809FCC7A59F79A36EDFFF6682
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:9
                                        Start time:01:21:09
                                        Start date:16/12/2024
                                        Path:C:\Users\user\AppData\Local\Temp\server.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\Temp\server.exe" ..
                                        Imagebase:0x9e0000
                                        File size:37'888 bytes
                                        MD5 hash:266DAB6809FCC7A59F79A36EDFFF6682
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true

                                        Target ID:10
                                        Start time:01:21:17
                                        Start date:16/12/2024
                                        Path:C:\Users\user\AppData\Local\Temp\server.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\Temp\server.exe" ..
                                        Imagebase:0x5b0000
                                        File size:37'888 bytes
                                        MD5 hash:266DAB6809FCC7A59F79A36EDFFF6682
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:low
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:8.7%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:37
                                          Total number of Limit Nodes:1


                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1743144832.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4880000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: [}l^$-[}l^$2Wl$2Wl$2Wl$=[}l^
                                          • API String ID: 0-3018672042
                                          • Opcode ID: f2e3d591d91a762cccb5e4f88959c5cc02d82ea1d2f9e5d78f494db8483400fa
                                          • Instruction ID: ef6e9aa2716adf0afa9bedcbd3c5a453ea99128580605e122cba3ac16303409d
                                          • Opcode Fuzzy Hash: f2e3d591d91a762cccb5e4f88959c5cc02d82ea1d2f9e5d78f494db8483400fa
                                          • Instruction Fuzzy Hash: 6551FF307002108FDB08BB79D850ABD37E7AB86208B55856DE006DF79ADF35DD4A97A2

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1743144832.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4880000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: [}l^$-[}l^$2Wl$2Wl$2Wl$=[}l^
                                          • API String ID: 0-3018672042
                                          • Opcode ID: c3e9aa8ba01914c716bb6ca70d84a41f8bbac5ec97692d61f69c3bfdc7ce5b18
                                          • Instruction ID: ac03fcbb9d8a2ccfecb6f9c961c67a3878766d6283996fea2397f4a33f24d162
                                          • Opcode Fuzzy Hash: c3e9aa8ba01914c716bb6ca70d84a41f8bbac5ec97692d61f69c3bfdc7ce5b18
                                          • Instruction Fuzzy Hash: A841DF307001114FDB48BBB98825ABD36E39BC6248755442DE006EFBA6DF39CD4E97E6

                                          Control-flow Graph

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1743144832.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4880000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: :@0l$\OWl
                                          • API String ID: 0-3699172287
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 006BA6B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,16D714A9,00000000,00000000,00000000,00000000), ref: 006BA40C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,16D714A9,00000000,00000000,00000000,00000000), ref: 006BA4F8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          APIs
                                          • CopyFileW.KERNELBASE(?,?,?), ref: 006BAA86
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 006BA6B9
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,16D714A9,00000000,00000000,00000000,00000000), ref: 006BA40C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,16D714A9,00000000,00000000,00000000,00000000), ref: 006BA4F8
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 006BA330
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          APIs
                                          • ShellExecuteExW.SHELL32(?), ref: 006BAC80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: ExecuteShell
                                          • String ID:
                                          • API String ID: 587946157-0
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 006BA903
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          APIs
                                          • CopyFileW.KERNELBASE(?,?,?), ref: 006BAA86
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: CopyFile
                                          • String ID:
                                          • API String ID: 1304948518-0
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 006BA903
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          APIs
                                          • ShellExecuteExW.SHELL32(?), ref: 006BAC80
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: ExecuteShell
                                          • String ID:
                                          • API String ID: 587946157-0
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 006BA330
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742637539.00000000006BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 006BA000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6ba000_Minet.jbxd
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1743144832.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4880000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: jl
                                          • API String ID: 0-1059535554
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1743144832.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4880000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1743144832.0000000004880000.00000040.00000800.00020000.00000000.sdmp, Offset: 04880000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_4880000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742962840.0000000000AF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_af0000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742962840.0000000000AF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00AF0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_af0000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742622117.00000000006B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B2000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b2000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.1742622117.00000000006B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 006B2000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_6b2000_Minet.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4990f6c71816eccd6cde71d4afbadc2d205ea2b0a7537923a85657ace34b3337
                                          • Instruction ID: f480aa4a3b04bde24ec7c380cfbdb5981b1f5e30529945284bf1c3ab7a8bb855
                                          • Opcode Fuzzy Hash: 4990f6c71816eccd6cde71d4afbadc2d205ea2b0a7537923a85657ace34b3337
                                          • Instruction Fuzzy Hash: A0D05E742402824BC715EA0CC2E4FD937E5AB44714F1A44ECAC108F762C7A8ECC1CA00

                                          Execution Graph

                                          Execution Coverage:17.8%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:4.8%
                                          Total number of Nodes:147
                                          Total number of Limit Nodes:7
                                          APIs
                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0093B63F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: AdjustPrivilegesToken
                                          • String ID:
                                          • API String ID: 2874748243-0
                                          • Opcode ID: edec9e6c4e02a2f732b6144dde7749d9983149ae7130458971cafb214390a87c
                                          • Instruction ID: 477e79e2379ce13521f23fd4803da70f3690f16514c39720df3f854e7a433750
                                          • Opcode Fuzzy Hash: edec9e6c4e02a2f732b6144dde7749d9983149ae7130458971cafb214390a87c
                                          • Instruction Fuzzy Hash: 0821AD755097809FEB228F25DC41B52BFB8EF06320F08849AE9858B163D371A908DB62
                                          APIs
                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0093B871
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: InformationQuerySystem
                                          • String ID:
                                          • API String ID: 3562636166-0
                                          • Opcode ID: 8302254fb986c06a57fe6903371bab872bc86a637875f333115b752ce67b473b
                                          • Instruction ID: d0d0b68059e96f9933600aace5316c9e23bb1f338813d1351fbd8c52054bd819
                                          • Opcode Fuzzy Hash: 8302254fb986c06a57fe6903371bab872bc86a637875f333115b752ce67b473b
                                          • Instruction Fuzzy Hash: 6721C0754097C0AFDB238B20DC45A52FFB4EF17314F0984CBEA848B1A3D265A90DCB62
                                          APIs
                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0093B63F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: AdjustPrivilegesToken
                                          • String ID:
                                          • API String ID: 2874748243-0
                                          • Opcode ID: e7f5c942d7a24d06240f5afc1903ef6467a79d879df4101708e890c9507508c8
                                          • Instruction ID: 5aecf846cb1a53d7772d0f1d69c3adce16593ffd9ce2e996f21d390459e1df51
                                          • Opcode Fuzzy Hash: e7f5c942d7a24d06240f5afc1903ef6467a79d879df4101708e890c9507508c8
                                          • Instruction Fuzzy Hash: 70119E355002009FEB20CF55D845B66FBE8EF04324F08C8AAEE468B662D335E818DF61
                                          APIs
                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 0093B871
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: InformationQuerySystem
                                          • String ID:
                                          • API String ID: 3562636166-0
                                          • Opcode ID: 4d7eb8d3e6ebd8211b06b1c69e15d535510770fd3ce1c69ba188c2f8ba242aa1
                                          • Instruction ID: 9d13c6b34d498242f4dc58af155a43e483ef2dce819f0701f3b73d017915096d
                                          • Opcode Fuzzy Hash: 4d7eb8d3e6ebd8211b06b1c69e15d535510770fd3ce1c69ba188c2f8ba242aa1
                                          • Instruction Fuzzy Hash: A0018F35400640DFDB208F45D884B61FBE4EF44724F08C49ADE494A651D375E818DFA2

                                          APIs
                                          • KiUserExceptionDispatcher.NTDLL ref: 00C61147
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133604541.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_c60000_server.jbxd
                                          Similarity
                                          • API ID: DispatcherExceptionUser
                                          • String ID:
                                          • API String ID: 6842923-0
                                          • Opcode ID: 367ad1cbef2139bfd759193a088a48424756fef96e52e1e8a393099dcca2ffa2
                                          • Instruction ID: ab5edcd85dd2677b89be94683dae1e98a02858f6710b3a79d44454044332583a
                                          • Opcode Fuzzy Hash: 367ad1cbef2139bfd759193a088a48424756fef96e52e1e8a393099dcca2ffa2
                                          • Instruction Fuzzy Hash: 284193356102058FCB14DFB5C8956AD77F6AF88249B188079D809DB39AEB38DE46C7E0

                                          APIs
                                          • KiUserExceptionDispatcher.NTDLL ref: 00C61147
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133604541.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_c60000_server.jbxd
                                          Similarity
                                          • API ID: DispatcherExceptionUser
                                          • String ID:
                                          • API String ID: 6842923-0
                                          • Opcode ID: fe0def777c7acc20885bca76e8d98450f3d39a86eeaaa92cb088a690bf2b10d8
                                          • Instruction ID: e2f5ded537b7464e073509905dd956942cb64da81039feefa5d7d5713dd6a826
                                          • Opcode Fuzzy Hash: fe0def777c7acc20885bca76e8d98450f3d39a86eeaaa92cb088a690bf2b10d8
                                          • Instruction Fuzzy Hash: B84182356112118FCB14DF75C8D5AAE77E1AF88345B188069D809DB39ADB38CD46CBA0

                                          APIs
                                          • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 04D62AF1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: 6c0a3478cb625dc46d8c07465a934d4258a02156d1f1a4b6057336bc26f787d5
                                          • Instruction ID: 7ebeb5cd1373f821071526ab95dd787f8c0f6f13235bf255146f2efbc54fef2e
                                          • Opcode Fuzzy Hash: 6c0a3478cb625dc46d8c07465a934d4258a02156d1f1a4b6057336bc26f787d5
                                          • Instruction Fuzzy Hash: C8317072504744AFE721DF65CC84FA7BBFCEF05310F08859AE9858B662D364E908CBA1

                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 04D60A6A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: 7c51c1de3ed6c0a8078660324db1044cf0233bce2b805db8dcfb5fe362a74fab
                                          • Instruction ID: 5f95746e0914d4f2f39c56320318840d2e9f9c9a6703b8648f0010439d62ebc5
                                          • Opcode Fuzzy Hash: 7c51c1de3ed6c0a8078660324db1044cf0233bce2b805db8dcfb5fe362a74fab
                                          • Instruction Fuzzy Hash: CE316F7510E7C06FD3138B258C61A61BFB5EF47610B0E45CBE8C48F6A3D2196919C7B2

                                          APIs
                                          • getaddrinfo.WS2_32(?,00000E24), ref: 04D6189F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: getaddrinfo
                                          • String ID:
                                          • API String ID: 300660673-0
                                          • Opcode ID: 77337747df20e902cfe14e28ef20e19ddc90af2749938c844b6e64358814c919
                                          • Instruction ID: 656f86152cee3005b3c3ac4289e43e5ce85f2bb3c000ebf6c1d476b267b503b0
                                          • Opcode Fuzzy Hash: 77337747df20e902cfe14e28ef20e19ddc90af2749938c844b6e64358814c919
                                          • Instruction Fuzzy Hash: 1B31D1B2404340AFEB21CF50CC84FA6FBBCEF04714F04489AFA489B291D374A908CB61
                                          APIs
                                          • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 04D61B26
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: InformationVolume
                                          • String ID:
                                          • API String ID: 2039140958-0
                                          • Opcode ID: 315088ac9345ab997c118f16610df75df48c00fcf779fe4fcad04f936236c0f4
                                          • Instruction ID: 6a8e93f263b5ccede1f411718857180c41c8ccc50a4a0aef90c964b99da988f6
                                          • Opcode Fuzzy Hash: 315088ac9345ab997c118f16610df75df48c00fcf779fe4fcad04f936236c0f4
                                          • Instruction Fuzzy Hash: 5A31807150D3C06FD3038B258C61AA2BFB4EF47610F1980CBE8C48F5A3D225A959C7A2
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0093ABD1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          • Opcode ID: 15f0f905f3cec241115a4dd416bda90e60fdf9b420b25dbe77b0779566a2e8b4
                                          • Instruction ID: b58b832d309462630af81d1061a85b2d16c22afac3c9673d042f5383f99e8ec6
                                          • Opcode Fuzzy Hash: 15f0f905f3cec241115a4dd416bda90e60fdf9b420b25dbe77b0779566a2e8b4
                                          • Instruction Fuzzy Hash: 9C3184754097846FE7228B51CC84FA7BFBCEF06314F08849AE9858B653D324E909CB76
                                          APIs
                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 04D60FEB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: DescriptorSecurity$ConvertString
                                          • String ID:
                                          • API String ID: 3907675253-0
                                          • Opcode ID: fc1effb286c2aa7457fbf2fb8b8c1f90c6bdf7a2c802e715a1d7405d81a400ea
                                          • Instruction ID: 87f26adbc41ef379f7f53afe9db806453293e6efd68925be0577807ad5b6c733
                                          • Opcode Fuzzy Hash: fc1effb286c2aa7457fbf2fb8b8c1f90c6bdf7a2c802e715a1d7405d81a400ea
                                          • Instruction Fuzzy Hash: 94318F71509385AFEB21CF64DC45FA7BBF8EF45220F08849AE945DB652D324E809CB61
                                          APIs
                                          • GetProcessTimes.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D616F5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: ProcessTimes
                                          • String ID:
                                          • API String ID: 1995159646-0
                                          • Opcode ID: d6424e693c0267ddce88190cf0606a61214c2b80069169afb1d21b6a37ac9422
                                          • Instruction ID: 684687566b034c7ff096ff36bc202e2357d25bb57b8cf685a83f72afe2a41d27
                                          • Opcode Fuzzy Hash: d6424e693c0267ddce88190cf0606a61214c2b80069169afb1d21b6a37ac9422
                                          • Instruction Fuzzy Hash: 9731D7764097809FE712CF60DC45F96BFB8EF46314F08849AE9858F193D325A909CB75
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 0093A6B9
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          • Opcode ID: e0ab42047450180c38ca97c56449f2a5c8324a0c07808e585f5961ea622bf4db
                                          • Instruction ID: 18c04adc34c57df3b6336e57a609ef0ef09ff39385855916b82decdb628fa5ed
                                          • Opcode Fuzzy Hash: e0ab42047450180c38ca97c56449f2a5c8324a0c07808e585f5961ea622bf4db
                                          • Instruction Fuzzy Hash: 823181B55093805FE711CB65CC85B96BFF8EF06314F08849AE9848F292D365E909CB62
                                          APIs
                                          • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 04D62AF1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: d37cd2d88874a2e5fcb3ee9ebe6c3e452dc8cbf62fd81eb4d9f0b15d820c8b0b
                                          • Instruction ID: 1c15300344bd07a9c83708a87035f91fa0fc3540ac5f766be7345b2e81aac8a6
                                          • Opcode Fuzzy Hash: d37cd2d88874a2e5fcb3ee9ebe6c3e452dc8cbf62fd81eb4d9f0b15d820c8b0b
                                          • Instruction Fuzzy Hash: 6E215E72600704AFEB31DE55CC84FA7BBECEF08714F04895AE946C6A51E764E5098AA1
                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0093AF1D
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 5b9f1f51d999ef39cb80659e4a91bcda7828958976be23125c486f061a68cc78
                                          • Instruction ID: 15683edd4f2fad016bc5240330ab2677a42a8eee1ee9db98f0d83ab6a528debb
                                          • Opcode Fuzzy Hash: 5b9f1f51d999ef39cb80659e4a91bcda7828958976be23125c486f061a68cc78
                                          • Instruction Fuzzy Hash: C1318FB1504340AFE721CF65CC85F52FBE8EF05710F08849EE9858B652D375E808CB62
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 0093A40C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          • Opcode ID: ae32e7ce28a4535c532f8dfa7c6126d10cd17d495d9fc73f10fc41569e02608d
                                          • Instruction ID: 3264958ff966a42ac9608f30797367bbbc3ebdada6e6c8b2704255ba583c5d50
                                          • Opcode Fuzzy Hash: ae32e7ce28a4535c532f8dfa7c6126d10cd17d495d9fc73f10fc41569e02608d
                                          • Instruction Fuzzy Hash: 2E316175509780AFE721CF11CC84F92BBFCEF45710F08849AE9858B692D364E949CB62
                                          APIs
                                          • getaddrinfo.WS2_32(?,00000E24), ref: 04D6189F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: getaddrinfo
                                          • String ID:
                                          • API String ID: 300660673-0
                                          APIs
                                          • GetExitCodeProcess.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62E2C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: CodeExitProcess
                                          • String ID:
                                          • API String ID: 3861947596-0
                                          APIs
                                          • EnumWindows.USER32(?,00000E24,?,?), ref: 0093A1C2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: EnumWindows
                                          • String ID:
                                          • API String ID: 1129996299-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: select
                                          • String ID:
                                          • API String ID: 1274211008-0
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0093B4BE
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          APIs
                                          • GetFileType.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 0093B009
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: FileType
                                          • String ID:
                                          • API String ID: 3081899298-0
                                          APIs
                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 04D60B22
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: Socket
                                          • String ID:
                                          • API String ID: 38366605-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: FileView
                                          • String ID:
                                          • API String ID: 3314676101-0
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 0093A4F8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0
                                          APIs
                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 04D60FEB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: DescriptorSecurity$ConvertString
                                          • String ID:
                                          • API String ID: 3907675253-0
                                          APIs
                                          • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0093AF1D
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D60F00
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          APIs
                                          • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0093ABD1
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: Open
                                          • String ID:
                                          • API String ID: 71445658-0
                                          APIs
                                          • GetProcessWorkingSetSize.KERNEL32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62F0B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: ProcessSizeWorking
                                          • String ID:
                                          • API String ID: 3584180929-0
                                          APIs
                                          • SetProcessWorkingSetSize.KERNEL32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62FEF
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: ProcessSizeWorking
                                          • String ID:
                                          • API String ID: 3584180929-0
                                          APIs
                                          • shutdown.WS2_32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D61424
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: shutdown
                                          • String ID:
                                          • API String ID: 2510479042-0
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 0093A6B9
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0
                                          APIs
                                          • ReadFile.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D608AD
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          APIs
                                          • ioctlsocket.WS2_32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62C7F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: ioctlsocket
                                          • String ID:
                                          • API String ID: 3577187118-0
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 0093A40C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 0093AC97
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          APIs
                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 04D60B22
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: Socket
                                          • String ID:
                                          • API String ID: 38366605-0
                                          APIs
                                          • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04D61A26
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: Connect
                                          • String ID:
                                          • API String ID: 3144859779-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: FileView
                                          • String ID:
                                          • API String ID: 3314676101-0
                                          APIs
                                          • K32EnumProcesses.KERNEL32(?,?,?,A08380A9,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 0093B7B2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: EnumProcesses
                                          • String ID:
                                          • API String ID: 84517404-0
                                          APIs
                                          • LoadLibraryA.KERNELBASE(?,00000E24), ref: 04D61DCB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D60F00
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: QueryValue
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 0093A4F8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: Value
                                          APIs
                                          • GetProcessTimes.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D616F5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: ProcessTimes
                                          APIs
                                          • CopyFileW.KERNELBASE(?,?,?), ref: 0093AE1E
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: CopyFile
                                          APIs
                                          • SetProcessWorkingSetSize.KERNEL32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62FEF
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: ProcessSizeWorking
                                          APIs
                                          • GetProcessWorkingSetSize.KERNEL32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62F0B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: ProcessSizeWorking
                                          APIs
                                          • GetExitCodeProcess.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62E2C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: CodeExitProcess
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0093BF22
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: DuplicateHandle
                                          APIs
                                          • CoGetObjectContext.COMBASE(?,?), ref: 04D61CFF
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: ContextObject
                                          APIs
                                          • ReadFile.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D608AD
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: FileRead
                                          APIs
                                          • ioctlsocket.WS2_32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D62C7F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: ioctlsocket
                                          APIs
                                          • shutdown.WS2_32(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 04D61424
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: shutdown
                                          APIs
                                          • LoadLibraryA.KERNELBASE(?,00000E24), ref: 04D61DCB
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: LibraryLoad
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 0093A330
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: ErrorMode
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: select
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: send
                                          APIs
                                          • CopyFileW.KERNELBASE(?,?,?), ref: 0093AE1E
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: CopyFile
                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0093B4BE
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          APIs
                                          • GetFileType.KERNELBASE(?,00000E24,A08380A9,00000000,00000000,00000000,00000000), ref: 0093B009
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: FileType
                                          APIs
                                          • WaitForInputIdle.USER32(?,?), ref: 0093AA3B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: IdleInputWait
                                          APIs
                                          • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04D61A26
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Similarity
                                          • API ID: Connect
                                          APIs
                                          • K32EnumProcesses.KERNEL32(?,?,?,A08380A9,00000000,?,?,?,?,?,?,?,?,6CEA3C58), ref: 0093B7B2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: EnumProcesses
                                          APIs
                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 0093AC97
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Similarity
                                          • API ID: AttributesFile
                                          APIs
                                          • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 04D61B26
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: InformationVolume
                                          • String ID:
                                          • API String ID: 2039140958-0
                                          APIs
                                          • EnumWindows.USER32(?,00000E24,?,?), ref: 0093A1C2
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: EnumWindows
                                          • String ID:
                                          • API String ID: 1129996299-0
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0093BF22
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 04D60A6A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: send
                                          • String ID:
                                          • API String ID: 2809346765-0
                                          APIs
                                          • WaitForInputIdle.USER32(?,?), ref: 0093AA3B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: IdleInputWait
                                          • String ID:
                                          • API String ID: 2200289081-0
                                          APIs
                                          • CoGetObjectContext.COMBASE(?,?), ref: 04D61CFF
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4137053123.0000000004D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D60000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_4d60000_server.jbxd
                                          Similarity
                                          • API ID: ContextObject
                                          • String ID:
                                          • API String ID: 3343934925-0
                                          APIs
                                          • SetErrorMode.KERNELBASE(?), ref: 0093A330
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 0093A780
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 0093B6F8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 0093AAE0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 0093B6F8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 0093A780
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 0093AAE0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.4133257841.000000000093A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_93a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0

                                          Execution Graph

                                          Execution Coverage:10.5%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:12
                                          Total number of Limit Nodes:0
                                          execution_graph 555 a9a361 556 a9a392 RegQueryValueExW 555->556 558 a9a41b 556->558 551 a9a612 553 a9a646 CreateMutexW 551->553 554 a9a6c1 553->554 559 a9a462 561 a9a486 RegSetValueExW 559->561 562 a9a507 561->562 547 a9a646 548 a9a67e CreateMutexW 547->548 550 a9a6c1 548->550

                                          Callgraph

                                          Control-flow Graph

                                          control_flow_graph 0 4960310-4960334 2 4960336-4960338 0->2 3 496033e-4960346 0->3 2->3 4 496034e-4960391 3->4 5 4960348-496034d 3->5 8 4960393-49603bb 4->8 9 49603d8-49603ff 4->9 14 49603ce 8->14 15 496040a-4960418 9->15 14->9 16 496041f-4960434 15->16 17 496041a 15->17 19 4960436-4960460 16->19 20 496046b-4960523 16->20 17->16 19->20 39 4960525-4960569 20->39 40 4960570-4960587 20->40 39->40 41 4960880 40->41 42 496058d-49605bf 40->42 42->41
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1945131329.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_4960000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 53 49603bd-4960418 61 496041f-4960434 53->61 62 496041a 53->62 64 4960436-4960460 61->64 65 496046b-4960523 61->65 62->61 64->65 84 4960525-4960569 65->84 85 4960570-4960587 65->85 84->85 86 4960880 85->86 87 496058d-49605bf 85->87 87->86
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1945131329.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_4960000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 98 a9a612-a9a695 102 a9a69a-a9a6a3 98->102 103 a9a697 98->103 104 a9a6a8-a9a6b1 102->104 105 a9a6a5 102->105 103->102 106 a9a6b3-a9a6d7 CreateMutexW 104->106 107 a9a702-a9a707 104->107 105->104 110 a9a709-a9a70e 106->110 111 a9a6d9-a9a6ff 106->111 107->106 110->111
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 00A9A6B9
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944062071.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a9a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 114 a9a361-a9a3cf 117 a9a3d1 114->117 118 a9a3d4-a9a3dd 114->118 117->118 119 a9a3df 118->119 120 a9a3e2-a9a3e8 118->120 119->120 121 a9a3ea 120->121 122 a9a3ed-a9a404 120->122 121->122 124 a9a43b-a9a440 122->124 125 a9a406-a9a419 RegQueryValueExW 122->125 124->125 126 a9a41b-a9a438 125->126 127 a9a442-a9a447 125->127 127->126
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,70CFB99D,00000000,00000000,00000000,00000000), ref: 00A9A40C
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944062071.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a9a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 131 a9a462-a9a4c3 134 a9a4c8-a9a4d4 131->134 135 a9a4c5 131->135 136 a9a4d9-a9a4f0 134->136 137 a9a4d6 134->137 135->134 139 a9a4f2-a9a505 RegSetValueExW 136->139 140 a9a527-a9a52c 136->140 137->136 141 a9a52e-a9a533 139->141 142 a9a507-a9a524 139->142 140->139 141->142
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,70CFB99D,00000000,00000000,00000000,00000000), ref: 00A9A4F8
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944062071.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a9a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 146 a9a646-a9a695 149 a9a69a-a9a6a3 146->149 150 a9a697 146->150 151 a9a6a8-a9a6b1 149->151 152 a9a6a5 149->152 150->149 153 a9a6b3-a9a6bb CreateMutexW 151->153 154 a9a702-a9a707 151->154 152->151 156 a9a6c1-a9a6d7 153->156 154->153 157 a9a709-a9a70e 156->157 158 a9a6d9-a9a6ff 156->158 157->158
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 00A9A6B9
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944062071.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a9a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 161 a9a392-a9a3cf 163 a9a3d1 161->163 164 a9a3d4-a9a3dd 161->164 163->164 165 a9a3df 164->165 166 a9a3e2-a9a3e8 164->166 165->166 167 a9a3ea 166->167 168 a9a3ed-a9a404 166->168 167->168 170 a9a43b-a9a440 168->170 171 a9a406-a9a419 RegQueryValueExW 168->171 170->171 172 a9a41b-a9a438 171->172 173 a9a442-a9a447 171->173 173->172
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,70CFB99D,00000000,00000000,00000000,00000000), ref: 00A9A40C
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944062071.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a9a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 177 a9a486-a9a4c3 179 a9a4c8-a9a4d4 177->179 180 a9a4c5 177->180 181 a9a4d9-a9a4f0 179->181 182 a9a4d6 179->182 180->179 184 a9a4f2-a9a505 RegSetValueExW 181->184 185 a9a527-a9a52c 181->185 182->181 186 a9a52e-a9a533 184->186 187 a9a507-a9a524 184->187 185->184 186->187
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,70CFB99D,00000000,00000000,00000000,00000000), ref: 00A9A4F8
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944062071.0000000000A9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A9A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a9a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 191 4960080-49600ad 194 49600b8-49602f9 191->194
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1945131329.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_4960000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 232 4960006-4960076
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1945131329.0000000004960000.00000040.00000800.00020000.00000000.sdmp, Offset: 04960000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_4960000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 233 b405e0-b40603 234 b40606-b40620 233->234 235 b40626-b40643 234->235
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944749543.0000000000B40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_b40000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 236 b40606-b40620 237 b40626-b40643 236->237
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944749543.0000000000B40000.00000040.00000020.00020000.00000000.sdmp, Offset: 00B40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_b40000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 238 a923f4-a923ff 239 a92401-a9240e 238->239 240 a92412-a92417 238->240 239->240 241 a92419 240->241 242 a9241a 240->242 243 a92420-a92421 242->243
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944039462.0000000000A92000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A92000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a92000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 244 a923bc-a923c3 245 a923c5-a923d2 244->245 246 a923d6-a923db 244->246 245->246 247 a923dd-a923e0 246->247 248 a923e1 246->248 249 a923e7-a923e8 248->249
                                          Memory Dump Source
                                          • Source File: 00000008.00000002.1944039462.0000000000A92000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A92000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_8_2_a92000_server.jbxd

                                          Execution Graph

                                          Execution Coverage:18.5%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:19
                                          Total number of Limit Nodes:1
                                          execution_graph 554 f5a646 557 f5a67e CreateMutexW 554->557 556 f5a6c1 557->556 570 f5a361 571 f5a392 RegQueryValueExW 570->571 573 f5a41b 571->573 578 f5a710 579 f5a74e CloseHandle 578->579 581 f5a788 579->581 574 f5a462 575 f5a486 RegSetValueExW 574->575 577 f5a507 575->577 582 f5a612 584 f5a646 CreateMutexW 582->584 585 f5a6c1 584->585 566 f5a74e 567 f5a7b9 566->567 568 f5a77a CloseHandle 566->568 567->568 569 f5a788 568->569

                                          Callgraph

                                          Control-flow Graph

                                          control_flow_graph 0 51a0310-51a0334 2 51a033e-51a0346 0->2 3 51a0336-51a0338 0->3 4 51a0348-51a034d 2->4 5 51a034e-51a0391 2->5 3->2 8 51a03d8-51a0418 5->8 9 51a0393-51a03ce 5->9 16 51a041a 8->16 17 51a041f-51a0434 8->17 9->8 16->17 19 51a046b-51a0523 17->19 20 51a0436-51a0460 17->20 39 51a0570-51a0587 19->39 40 51a0525-51a0569 19->40 20->19 41 51a058d-51a05bf 39->41 42 51a0880 39->42 40->39 41->42
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2028679520.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_51a0000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 53 51a03bd-51a0418 61 51a041a 53->61 62 51a041f-51a0434 53->62 61->62 64 51a046b-51a0523 62->64 65 51a0436-51a0460 62->65 84 51a0570-51a0587 64->84 85 51a0525-51a0569 64->85 65->64 86 51a058d-51a05bf 84->86 87 51a0880 84->87 85->84 86->87
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2028679520.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_51a0000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 98 f5a612-f5a695 102 f5a697 98->102 103 f5a69a-f5a6a3 98->103 102->103 104 f5a6a5 103->104 105 f5a6a8-f5a6b1 103->105 104->105 106 f5a6b3-f5a6d7 CreateMutexW 105->106 107 f5a702-f5a707 105->107 110 f5a709-f5a70e 106->110 111 f5a6d9-f5a6ff 106->111 107->106 110->111
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 00F5A6B9
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd

                                          Control-flow Graph

                                          control_flow_graph 114 f5a361-f5a3cf 117 f5a3d4-f5a3dd 114->117 118 f5a3d1 114->118 119 f5a3e2-f5a3e8 117->119 120 f5a3df 117->120 118->117 121 f5a3ed-f5a404 119->121 122 f5a3ea 119->122 120->119 124 f5a406-f5a419 RegQueryValueExW 121->124 125 f5a43b-f5a440 121->125 122->121 126 f5a442-f5a447 124->126 127 f5a41b-f5a438 124->127 125->124 126->127
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,42F75714,00000000,00000000,00000000,00000000), ref: 00F5A40C
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 131 f5a462-f5a4c3 134 f5a4c5 131->134 135 f5a4c8-f5a4d4 131->135 134->135 136 f5a4d6 135->136 137 f5a4d9-f5a4f0 135->137 136->137 139 f5a527-f5a52c 137->139 140 f5a4f2-f5a505 RegSetValueExW 137->140 139->140 141 f5a507-f5a524 140->141 142 f5a52e-f5a533 140->142 142->141
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,42F75714,00000000,00000000,00000000,00000000), ref: 00F5A4F8
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 146 f5a646-f5a695 149 f5a697 146->149 150 f5a69a-f5a6a3 146->150 149->150 151 f5a6a5 150->151 152 f5a6a8-f5a6b1 150->152 151->152 153 f5a6b3-f5a6bb CreateMutexW 152->153 154 f5a702-f5a707 152->154 155 f5a6c1-f5a6d7 153->155 154->153 157 f5a709-f5a70e 155->157 158 f5a6d9-f5a6ff 155->158 157->158
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 00F5A6B9
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 161 f5a392-f5a3cf 163 f5a3d4-f5a3dd 161->163 164 f5a3d1 161->164 165 f5a3e2-f5a3e8 163->165 166 f5a3df 163->166 164->163 167 f5a3ed-f5a404 165->167 168 f5a3ea 165->168 166->165 170 f5a406-f5a419 RegQueryValueExW 167->170 171 f5a43b-f5a440 167->171 168->167 172 f5a442-f5a447 170->172 173 f5a41b-f5a438 170->173 171->170 172->173
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,42F75714,00000000,00000000,00000000,00000000), ref: 00F5A40C
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 177 f5a486-f5a4c3 179 f5a4c5 177->179 180 f5a4c8-f5a4d4 177->180 179->180 181 f5a4d6 180->181 182 f5a4d9-f5a4f0 180->182 181->182 184 f5a527-f5a52c 182->184 185 f5a4f2-f5a505 RegSetValueExW 182->185 184->185 186 f5a507-f5a524 185->186 187 f5a52e-f5a533 185->187 187->186
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,42F75714,00000000,00000000,00000000,00000000), ref: 00F5A4F8
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 191 f5a710-f5a778 193 f5a7b9-f5a7be 191->193 194 f5a77a-f5a79a CloseHandle 191->194 193->194 197 f5a7c0-f5a7c5 194->197 198 f5a79c-f5a7b8 194->198 197->198
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 00F5A780
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 200 f5a74e-f5a778 201 f5a7b9-f5a7be 200->201 202 f5a77a-f5a782 CloseHandle 200->202 201->202 203 f5a788-f5a79a 202->203 205 f5a7c0-f5a7c5 203->205 206 f5a79c-f5a7b8 203->206 205->206
                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 00F5A780
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027482494.0000000000F5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F5A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f5a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 208 51a0080-51a00ad 211 51a00b8-51a02f9 208->211
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2028679520.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_51a0000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 249 51a0006-51a006b 251 51a0070 call 1440606 249->251 252 51a0070 call 14405e0 249->252 253 51a0070 call 51a03bd 249->253 254 51a0070 call 51a0310 249->254 255 51a0070 call 51a0301 249->255 250 51a0076 251->250 252->250 253->250 254->250 255->250
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2028679520.00000000051A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051A0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_51a0000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 256 14405e0-1440620 258 1440626-1440643 256->258
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2028406443.0000000001440000.00000040.00000020.00020000.00000000.sdmp, Offset: 01440000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_1440000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 259 1440606-1440620 260 1440626-1440643 259->260
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2028406443.0000000001440000.00000040.00000020.00020000.00000000.sdmp, Offset: 01440000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_1440000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 261 f523f4-f523ff 262 f52401-f5240e 261->262 263 f52412-f52417 261->263 262->263 264 f52419 263->264 265 f5241a 263->265 266 f52420-f52421 265->266
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027463010.0000000000F52000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F52000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f52000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Memory Dump Source
                                          • Source File: 00000009.00000002.2027463010.0000000000F52000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F52000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_9_2_f52000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:

                                          Execution Graph

                                          Execution Coverage:12%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:19
                                          Total number of Limit Nodes:1
                                          execution_graph 537 c4a646 540 c4a67e CreateMutexW 537->540 539 c4a6c1 540->539 561 c4a710 562 c4a74e CloseHandle 561->562 564 c4a788 562->564 553 c4a361 555 c4a392 RegQueryValueExW 553->555 556 c4a41b 555->556 557 c4a462 558 c4a486 RegSetValueExW 557->558 560 c4a507 558->560 565 c4a612 566 c4a646 CreateMutexW 565->566 568 c4a6c1 566->568 549 c4a74e 550 c4a7b9 549->550 551 c4a77a CloseHandle 549->551 550->551 552 c4a788 551->552

                                          Callgraph

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 fa0310-fa0334 2 fa033e-fa0346 0->2 3 fa0336-fa0338 0->3 4 fa0348-fa034d 2->4 5 fa034e-fa0391 2->5 3->2 8 fa03d8-fa03ff 5->8 9 fa0393-fa03bb 5->9 15 fa040a-fa0418 8->15 14 fa03ce 9->14 14->8 16 fa041a 15->16 17 fa041f-fa0434 15->17 16->17 19 fa046b-fa0523 17->19 20 fa0436-fa0460 17->20 39 fa0570-fa0587 19->39 40 fa0525-fa0569 19->40 20->19 41 fa058d-fa05bf 39->41 42 fa0880 39->42 40->39 41->42
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2111424758.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_fa0000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: [$l^$-[$l^$2Wl$2Wl$2Wl$=[$l^
                                          • API String ID: 0-1977564872

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 53 fa03bd-fa0418 61 fa041a 53->61 62 fa041f-fa0434 53->62 61->62 64 fa046b-fa0523 62->64 65 fa0436-fa0460 62->65 84 fa0570-fa0587 64->84 85 fa0525-fa0569 64->85 65->64 86 fa058d-fa05bf 84->86 87 fa0880 84->87 85->84 86->87
                                          Strings
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2111424758.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_fa0000_server.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: [$l^$-[$l^$2Wl$2Wl$2Wl$=[$l^
                                          • API String ID: 0-1977564872

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 98 c4a612-c4a695 102 c4a697 98->102 103 c4a69a-c4a6a3 98->103 102->103 104 c4a6a5 103->104 105 c4a6a8-c4a6b1 103->105 104->105 106 c4a702-c4a707 105->106 107 c4a6b3-c4a6d7 CreateMutexW 105->107 106->107 110 c4a709-c4a70e 107->110 111 c4a6d9-c4a6ff 107->111 110->111
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 00C4A6B9
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 114 c4a361-c4a3cf 117 c4a3d4-c4a3dd 114->117 118 c4a3d1 114->118 119 c4a3e2-c4a3e8 117->119 120 c4a3df 117->120 118->117 121 c4a3ed-c4a404 119->121 122 c4a3ea 119->122 120->119 124 c4a406-c4a419 RegQueryValueExW 121->124 125 c4a43b-c4a440 121->125 122->121 126 c4a442-c4a447 124->126 127 c4a41b-c4a438 124->127 125->124 126->127
                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,36BDC1FD,00000000,00000000,00000000,00000000), ref: 00C4A40C
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 131 c4a462-c4a4c3 134 c4a4c5 131->134 135 c4a4c8-c4a4d4 131->135 134->135 136 c4a4d6 135->136 137 c4a4d9-c4a4f0 135->137 136->137 139 c4a527-c4a52c 137->139 140 c4a4f2-c4a505 RegSetValueExW 137->140 139->140 141 c4a507-c4a524 140->141 142 c4a52e-c4a533 140->142 142->141
                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,36BDC1FD,00000000,00000000,00000000,00000000), ref: 00C4A4F8
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 146 c4a646-c4a695 149 c4a697 146->149 150 c4a69a-c4a6a3 146->150 149->150 151 c4a6a5 150->151 152 c4a6a8-c4a6b1 150->152 151->152 153 c4a702-c4a707 152->153 154 c4a6b3-c4a6bb CreateMutexW 152->154 153->154 155 c4a6c1-c4a6d7 154->155 157 c4a709-c4a70e 155->157 158 c4a6d9-c4a6ff 155->158 157->158
                                          APIs
                                          • CreateMutexW.KERNELBASE(?,?), ref: 00C4A6B9
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID:
                                          • API String ID: 1964310414-0

                                          Control-flow Graph

                                          APIs
                                          • RegQueryValueExW.KERNELBASE(?,00000E24,36BDC1FD,00000000,00000000,00000000,00000000), ref: 00C4A40C
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: QueryValue
                                          • String ID:
                                          • API String ID: 3660427363-0

                                          Control-flow Graph

                                          APIs
                                          • RegSetValueExW.KERNELBASE(?,00000E24,36BDC1FD,00000000,00000000,00000000,00000000), ref: 00C4A4F8
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: Value
                                          • String ID:
                                          • API String ID: 3702945584-0

                                          Control-flow Graph

                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 00C4A780
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0

                                          Control-flow Graph

                                          APIs
                                          • CloseHandle.KERNELBASE(?), ref: 00C4A780
                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109995668.0000000000C4A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C4A000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c4a000_server.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID:
                                          • API String ID: 2962429428-0

                                          Control-flow Graph

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2110149295.0000000000C80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c80000_server.jbxd

                                          Control-flow Graph

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2111424758.0000000000FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FA0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_fa0000_server.jbxd

                                          Control-flow Graph

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2110149295.0000000000C80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00C80000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c80000_server.jbxd

                                          Control-flow Graph

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109977812.0000000000C42000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C42000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c42000_server.jbxd

                                          Control-flow Graph

                                          Memory Dump Source
                                          • Source File: 0000000A.00000002.2109977812.0000000000C42000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C42000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_10_2_c42000_server.jbxd