Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
njrat.exe

Overview

General Information

Sample name:njrat.exe
Analysis ID:1575625
MD5:4699bec8cd50aa7f2cecf0df8f0c26a0
SHA1:c7c6c85fc26189cf4c68d45b5f8009a7a456497d
SHA256:d6471589756f94a0908a7ec9f0e0e98149882ce6c1cf3da9852dc88fcc3d513d
Tags:exeNjRATuser-lontze7
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops fake system file at system root drive
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to log keystrokes (.Net Source)
Creates an autostart registry key pointing to binary in C:\Windows
Creates autorun.inf (USB autostart)
Creates autostart registry keys with suspicious names
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Protects its processes via BreakOnTermination flag
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • njrat.exe (PID: 4124 cmdline: "C:\Users\user\Desktop\njrat.exe" MD5: 4699BEC8CD50AA7F2CECF0DF8F0C26A0)
    • rundll32.exe (PID: 6172 cmdline: "C:\Windows\rundll32.exe" MD5: 4699BEC8CD50AA7F2CECF0DF8F0C26A0)
      • netsh.exe (PID: 2112 cmdline: netsh firewall add allowedprogram "C:\Windows\rundll32.exe" "rundll32.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 6168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • rundll32.exe (PID: 5096 cmdline: "C:\Windows\rundll32.exe" .. MD5: 4699BEC8CD50AA7F2CECF0DF8F0C26A0)
  • rundll32.exe (PID: 6036 cmdline: "C:\Windows\rundll32.exe" .. MD5: 4699BEC8CD50AA7F2CECF0DF8F0C26A0)
  • rundll32.exe (PID: 5572 cmdline: "C:\Windows\rundll32.exe" .. MD5: 4699BEC8CD50AA7F2CECF0DF8F0C26A0)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat
{"Host": "167.71.56.116", "Port": "22764", "Version": "im523", "Campaign ID": "school", "Install Name": "rundll32.exe", "Install Dir": "WinDir"}
SourceRuleDescriptionAuthorStrings
njrat.exeJoeSecurity_NjratYara detected NjratJoe Security
    njrat.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x64c1:$a1: get_Registry
    • 0x7ee2:$a3: Download ERROR
    • 0x81d4:$a5: netsh firewall delete allowedprogram "
    njrat.exenjrat1Identify njRatBrian Wallace @botnet_hunter
    • 0x80ca:$a1: netsh firewall add allowedprogram
    • 0x82c4:$b1: [TAP]
    • 0x826a:$b2: & exit
    • 0x8236:$c1: md.exe /k ping 0 & del
    njrat.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
    • 0x81d4:$s1: netsh firewall delete allowedprogram
    • 0x80ca:$s2: netsh firewall add allowedprogram
    • 0x8234:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
    • 0x7ebe:$s4: Execute ERROR
    • 0x7f1e:$s4: Execute ERROR
    • 0x7ee2:$s5: Download ERROR
    • 0x827a:$s6: [kl]
    SourceRuleDescriptionAuthorStrings
    C:\rundll32.exeJoeSecurity_NjratYara detected NjratJoe Security
      C:\rundll32.exeWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x64c1:$a1: get_Registry
      • 0x7ee2:$a3: Download ERROR
      • 0x81d4:$a5: netsh firewall delete allowedprogram "
      C:\rundll32.exenjrat1Identify njRatBrian Wallace @botnet_hunter
      • 0x80ca:$a1: netsh firewall add allowedprogram
      • 0x82c4:$b1: [TAP]
      • 0x826a:$b2: & exit
      • 0x8236:$c1: md.exe /k ping 0 & del
      C:\rundll32.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
      • 0x81d4:$s1: netsh firewall delete allowedprogram
      • 0x80ca:$s2: netsh firewall add allowedprogram
      • 0x8234:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
      • 0x7ebe:$s4: Execute ERROR
      • 0x7f1e:$s4: Execute ERROR
      • 0x7ee2:$s5: Download ERROR
      • 0x827a:$s6: [kl]
      C:\Windows\rundll32.exeJoeSecurity_NjratYara detected NjratJoe Security
        Click to see the 3 entries
        SourceRuleDescriptionAuthorStrings
        00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
          00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x62c1:$a1: get_Registry
          • 0x7ce2:$a3: Download ERROR
          • 0x7fd4:$a5: netsh firewall delete allowedprogram "
          00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmpnjrat1Identify njRatBrian Wallace @botnet_hunter
          • 0x7eca:$a1: netsh firewall add allowedprogram
          • 0x80c4:$b1: [TAP]
          • 0x806a:$b2: & exit
          • 0x8036:$c1: md.exe /k ping 0 & del
          Process Memory Space: njrat.exe PID: 4124JoeSecurity_NjratYara detected NjratJoe Security
            SourceRuleDescriptionAuthorStrings
            0.0.njrat.exe.680000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
              0.0.njrat.exe.680000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
              • 0x64c1:$a1: get_Registry
              • 0x7ee2:$a3: Download ERROR
              • 0x81d4:$a5: netsh firewall delete allowedprogram "
              0.0.njrat.exe.680000.0.unpacknjrat1Identify njRatBrian Wallace @botnet_hunter
              • 0x80ca:$a1: netsh firewall add allowedprogram
              • 0x82c4:$b1: [TAP]
              • 0x826a:$b2: & exit
              • 0x8236:$c1: md.exe /k ping 0 & del
              0.0.njrat.exe.680000.0.unpackMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
              • 0x81d4:$s1: netsh firewall delete allowedprogram
              • 0x80ca:$s2: netsh firewall add allowedprogram
              • 0x8234:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
              • 0x7ebe:$s4: Execute ERROR
              • 0x7f1e:$s4: Execute ERROR
              • 0x7ee2:$s5: Download ERROR
              • 0x827a:$s6: [kl]

              System Summary

              barindex
              Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\njrat.exe, ProcessId: 4124, TargetFilename: C:\Windows\rundll32.exe
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Windows\rundll32.exe" , CommandLine: "C:\Windows\rundll32.exe" , CommandLine|base64offset|contains: , Image: C:\Windows\rundll32.exe, NewProcessName: C:\Windows\rundll32.exe, OriginalFileName: C:\Windows\rundll32.exe, ParentCommandLine: "C:\Users\user\Desktop\njrat.exe", ParentImage: C:\Users\user\Desktop\njrat.exe, ParentProcessId: 4124, ParentProcessName: njrat.exe, ProcessCommandLine: "C:\Windows\rundll32.exe" , ProcessId: 6172, ProcessName: rundll32.exe
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Windows\rundll32.exe" .., EventID: 13, EventType: SetValue, Image: C:\Windows\rundll32.exe, ProcessId: 6172, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\872de6721af0b6833a743205be97e089
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Windows\rundll32.exe" .., EventID: 13, EventType: SetValue, Image: C:\Windows\rundll32.exe, ProcessId: 6172, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\872de6721af0b6833a743205be97e089

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Windows\rundll32.exe, ProcessId: 6172, TargetFilename: C:\rundll32.exe
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-16T07:20:55.395232+010020211761Malware Command and Control Activity Detected192.168.2.1049704167.71.56.11622764TCP
              2024-12-16T07:20:59.530673+010020211761Malware Command and Control Activity Detected192.168.2.1049705167.71.56.11622764TCP
              2024-12-16T07:21:04.436217+010020211761Malware Command and Control Activity Detected192.168.2.1049706167.71.56.11622764TCP
              2024-12-16T07:21:08.728520+010020211761Malware Command and Control Activity Detected192.168.2.1049707167.71.56.11622764TCP
              2024-12-16T07:21:13.025137+010020211761Malware Command and Control Activity Detected192.168.2.1049708167.71.56.11622764TCP
              2024-12-16T07:21:17.338255+010020211761Malware Command and Control Activity Detected192.168.2.1049709167.71.56.11622764TCP
              2024-12-16T07:21:21.650261+010020211761Malware Command and Control Activity Detected192.168.2.1049710167.71.56.11622764TCP
              2024-12-16T07:21:25.948375+010020211761Malware Command and Control Activity Detected192.168.2.1049711167.71.56.11622764TCP
              2024-12-16T07:21:30.245703+010020211761Malware Command and Control Activity Detected192.168.2.1049712167.71.56.11622764TCP
              2024-12-16T07:21:34.541844+010020211761Malware Command and Control Activity Detected192.168.2.1049714167.71.56.11622764TCP
              2024-12-16T07:21:38.838710+010020211761Malware Command and Control Activity Detected192.168.2.1049715167.71.56.11622764TCP
              2024-12-16T07:21:43.147869+010020211761Malware Command and Control Activity Detected192.168.2.1049716167.71.56.11622764TCP
              2024-12-16T07:21:47.448387+010020211761Malware Command and Control Activity Detected192.168.2.1049718167.71.56.11622764TCP
              2024-12-16T07:21:51.744181+010020211761Malware Command and Control Activity Detected192.168.2.1049729167.71.56.11622764TCP
              2024-12-16T07:21:56.040815+010020211761Malware Command and Control Activity Detected192.168.2.1049739167.71.56.11622764TCP
              2024-12-16T07:22:00.338486+010020211761Malware Command and Control Activity Detected192.168.2.1049750167.71.56.11622764TCP
              2024-12-16T07:22:04.650640+010020211761Malware Command and Control Activity Detected192.168.2.1049761167.71.56.11622764TCP
              2024-12-16T07:22:08.807345+010020211761Malware Command and Control Activity Detected192.168.2.1049772167.71.56.11622764TCP
              2024-12-16T07:22:12.853536+010020211761Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:16.776610+010020211761Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:22:20.588199+010020211761Malware Command and Control Activity Detected192.168.2.1049804167.71.56.11622764TCP
              2024-12-16T07:22:24.465152+010020211761Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:22:28.088013+010020211761Malware Command and Control Activity Detected192.168.2.1049822167.71.56.11622764TCP
              2024-12-16T07:22:31.622048+010020211761Malware Command and Control Activity Detected192.168.2.1049832167.71.56.11622764TCP
              2024-12-16T07:22:35.072266+010020211761Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:38.449641+010020211761Malware Command and Control Activity Detected192.168.2.1049850167.71.56.11622764TCP
              2024-12-16T07:22:41.761821+010020211761Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:44.994355+010020211761Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:48.168840+010020211761Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:22:51.275849+010020211761Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:22:54.351618+010020211761Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:22:57.353077+010020211761Malware Command and Control Activity Detected192.168.2.1049896167.71.56.11622764TCP
              2024-12-16T07:23:00.332874+010020211761Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:23:03.275191+010020211761Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:06.154308+010020211761Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:09.043642+010020211761Malware Command and Control Activity Detected192.168.2.1049929167.71.56.11622764TCP
              2024-12-16T07:23:11.853029+010020211761Malware Command and Control Activity Detected192.168.2.1049935167.71.56.11622764TCP
              2024-12-16T07:23:14.618513+010020211761Malware Command and Control Activity Detected192.168.2.1049941167.71.56.11622764TCP
              2024-12-16T07:23:17.352776+010020211761Malware Command and Control Activity Detected192.168.2.1049947167.71.56.11622764TCP
              2024-12-16T07:23:20.072635+010020211761Malware Command and Control Activity Detected192.168.2.1049958167.71.56.11622764TCP
              2024-12-16T07:23:22.754793+010020211761Malware Command and Control Activity Detected192.168.2.1049964167.71.56.11622764TCP
              2024-12-16T07:23:25.402624+010020211761Malware Command and Control Activity Detected192.168.2.1049970167.71.56.11622764TCP
              2024-12-16T07:23:28.040965+010020211761Malware Command and Control Activity Detected192.168.2.1049976167.71.56.11622764TCP
              2024-12-16T07:23:30.637001+010020211761Malware Command and Control Activity Detected192.168.2.1049987167.71.56.11622764TCP
              2024-12-16T07:23:33.213343+010020211761Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:35.812591+010020211761Malware Command and Control Activity Detected192.168.2.1049999167.71.56.11622764TCP
              2024-12-16T07:23:38.369163+010020211761Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:40.900471+010020211761Malware Command and Control Activity Detected192.168.2.1050011167.71.56.11622764TCP
              2024-12-16T07:23:43.415718+010020211761Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:23:45.917651+010020211761Malware Command and Control Activity Detected192.168.2.1050019167.71.56.11622764TCP
              2024-12-16T07:23:48.400289+010020211761Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:50.869178+010020211761Malware Command and Control Activity Detected192.168.2.1050021167.71.56.11622764TCP
              2024-12-16T07:23:53.321874+010020211761Malware Command and Control Activity Detected192.168.2.1050022167.71.56.11622764TCP
              2024-12-16T07:23:55.775081+010020211761Malware Command and Control Activity Detected192.168.2.1050023167.71.56.11622764TCP
              2024-12-16T07:23:58.213224+010020211761Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:24:00.786254+010020211761Malware Command and Control Activity Detected192.168.2.1050025167.71.56.11622764TCP
              2024-12-16T07:24:03.212090+010020211761Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:05.618832+010020211761Malware Command and Control Activity Detected192.168.2.1050027167.71.56.11622764TCP
              2024-12-16T07:24:08.033364+010020211761Malware Command and Control Activity Detected192.168.2.1050028167.71.56.11622764TCP
              2024-12-16T07:24:10.462388+010020211761Malware Command and Control Activity Detected192.168.2.1050029167.71.56.11622764TCP
              2024-12-16T07:24:12.852775+010020211761Malware Command and Control Activity Detected192.168.2.1050030167.71.56.11622764TCP
              2024-12-16T07:24:15.248400+010020211761Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:24:17.622155+010020211761Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:20.010521+010020211761Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:22.370924+010020211761Malware Command and Control Activity Detected192.168.2.1050034167.71.56.11622764TCP
              2024-12-16T07:24:24.756923+010020211761Malware Command and Control Activity Detected192.168.2.1050035167.71.56.11622764TCP
              2024-12-16T07:24:27.103443+010020211761Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:29.462208+010020211761Malware Command and Control Activity Detected192.168.2.1050037167.71.56.11622764TCP
              2024-12-16T07:24:31.806118+010020211761Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:34.153669+010020211761Malware Command and Control Activity Detected192.168.2.1050039167.71.56.11622764TCP
              2024-12-16T07:24:36.495757+010020211761Malware Command and Control Activity Detected192.168.2.1050040167.71.56.11622764TCP
              2024-12-16T07:24:38.837052+010020211761Malware Command and Control Activity Detected192.168.2.1050041167.71.56.11622764TCP
              2024-12-16T07:24:41.165206+010020211761Malware Command and Control Activity Detected192.168.2.1050042167.71.56.11622764TCP
              2024-12-16T07:24:43.645053+010020211761Malware Command and Control Activity Detected192.168.2.1050043167.71.56.11622764TCP
              2024-12-16T07:24:48.836841+010020211761Malware Command and Control Activity Detected192.168.2.1050044167.71.56.11622764TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-16T07:20:55.395232+010020331321Malware Command and Control Activity Detected192.168.2.1049704167.71.56.11622764TCP
              2024-12-16T07:20:59.530673+010020331321Malware Command and Control Activity Detected192.168.2.1049705167.71.56.11622764TCP
              2024-12-16T07:21:04.436217+010020331321Malware Command and Control Activity Detected192.168.2.1049706167.71.56.11622764TCP
              2024-12-16T07:21:08.728520+010020331321Malware Command and Control Activity Detected192.168.2.1049707167.71.56.11622764TCP
              2024-12-16T07:21:13.025137+010020331321Malware Command and Control Activity Detected192.168.2.1049708167.71.56.11622764TCP
              2024-12-16T07:21:17.338255+010020331321Malware Command and Control Activity Detected192.168.2.1049709167.71.56.11622764TCP
              2024-12-16T07:21:21.650261+010020331321Malware Command and Control Activity Detected192.168.2.1049710167.71.56.11622764TCP
              2024-12-16T07:21:25.948375+010020331321Malware Command and Control Activity Detected192.168.2.1049711167.71.56.11622764TCP
              2024-12-16T07:21:30.245703+010020331321Malware Command and Control Activity Detected192.168.2.1049712167.71.56.11622764TCP
              2024-12-16T07:21:34.541844+010020331321Malware Command and Control Activity Detected192.168.2.1049714167.71.56.11622764TCP
              2024-12-16T07:21:38.838710+010020331321Malware Command and Control Activity Detected192.168.2.1049715167.71.56.11622764TCP
              2024-12-16T07:21:43.147869+010020331321Malware Command and Control Activity Detected192.168.2.1049716167.71.56.11622764TCP
              2024-12-16T07:21:47.448387+010020331321Malware Command and Control Activity Detected192.168.2.1049718167.71.56.11622764TCP
              2024-12-16T07:21:51.744181+010020331321Malware Command and Control Activity Detected192.168.2.1049729167.71.56.11622764TCP
              2024-12-16T07:21:56.040815+010020331321Malware Command and Control Activity Detected192.168.2.1049739167.71.56.11622764TCP
              2024-12-16T07:22:00.338486+010020331321Malware Command and Control Activity Detected192.168.2.1049750167.71.56.11622764TCP
              2024-12-16T07:22:04.650640+010020331321Malware Command and Control Activity Detected192.168.2.1049761167.71.56.11622764TCP
              2024-12-16T07:22:08.807345+010020331321Malware Command and Control Activity Detected192.168.2.1049772167.71.56.11622764TCP
              2024-12-16T07:22:12.853536+010020331321Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:16.776610+010020331321Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:22:20.588199+010020331321Malware Command and Control Activity Detected192.168.2.1049804167.71.56.11622764TCP
              2024-12-16T07:22:24.465152+010020331321Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:22:28.088013+010020331321Malware Command and Control Activity Detected192.168.2.1049822167.71.56.11622764TCP
              2024-12-16T07:22:31.622048+010020331321Malware Command and Control Activity Detected192.168.2.1049832167.71.56.11622764TCP
              2024-12-16T07:22:35.072266+010020331321Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:38.449641+010020331321Malware Command and Control Activity Detected192.168.2.1049850167.71.56.11622764TCP
              2024-12-16T07:22:41.761821+010020331321Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:44.994355+010020331321Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:48.168840+010020331321Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:22:51.275849+010020331321Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:22:54.351618+010020331321Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:22:57.353077+010020331321Malware Command and Control Activity Detected192.168.2.1049896167.71.56.11622764TCP
              2024-12-16T07:23:00.332874+010020331321Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:23:03.275191+010020331321Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:06.154308+010020331321Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:09.043642+010020331321Malware Command and Control Activity Detected192.168.2.1049929167.71.56.11622764TCP
              2024-12-16T07:23:11.853029+010020331321Malware Command and Control Activity Detected192.168.2.1049935167.71.56.11622764TCP
              2024-12-16T07:23:14.618513+010020331321Malware Command and Control Activity Detected192.168.2.1049941167.71.56.11622764TCP
              2024-12-16T07:23:17.352776+010020331321Malware Command and Control Activity Detected192.168.2.1049947167.71.56.11622764TCP
              2024-12-16T07:23:20.072635+010020331321Malware Command and Control Activity Detected192.168.2.1049958167.71.56.11622764TCP
              2024-12-16T07:23:22.754793+010020331321Malware Command and Control Activity Detected192.168.2.1049964167.71.56.11622764TCP
              2024-12-16T07:23:25.402624+010020331321Malware Command and Control Activity Detected192.168.2.1049970167.71.56.11622764TCP
              2024-12-16T07:23:28.040965+010020331321Malware Command and Control Activity Detected192.168.2.1049976167.71.56.11622764TCP
              2024-12-16T07:23:30.637001+010020331321Malware Command and Control Activity Detected192.168.2.1049987167.71.56.11622764TCP
              2024-12-16T07:23:33.213343+010020331321Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:35.812591+010020331321Malware Command and Control Activity Detected192.168.2.1049999167.71.56.11622764TCP
              2024-12-16T07:23:38.369163+010020331321Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:40.900471+010020331321Malware Command and Control Activity Detected192.168.2.1050011167.71.56.11622764TCP
              2024-12-16T07:23:43.415718+010020331321Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:23:45.917651+010020331321Malware Command and Control Activity Detected192.168.2.1050019167.71.56.11622764TCP
              2024-12-16T07:23:48.400289+010020331321Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:50.869178+010020331321Malware Command and Control Activity Detected192.168.2.1050021167.71.56.11622764TCP
              2024-12-16T07:23:53.321874+010020331321Malware Command and Control Activity Detected192.168.2.1050022167.71.56.11622764TCP
              2024-12-16T07:23:55.775081+010020331321Malware Command and Control Activity Detected192.168.2.1050023167.71.56.11622764TCP
              2024-12-16T07:23:58.213224+010020331321Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:24:00.786254+010020331321Malware Command and Control Activity Detected192.168.2.1050025167.71.56.11622764TCP
              2024-12-16T07:24:03.212090+010020331321Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:05.618832+010020331321Malware Command and Control Activity Detected192.168.2.1050027167.71.56.11622764TCP
              2024-12-16T07:24:08.033364+010020331321Malware Command and Control Activity Detected192.168.2.1050028167.71.56.11622764TCP
              2024-12-16T07:24:10.462388+010020331321Malware Command and Control Activity Detected192.168.2.1050029167.71.56.11622764TCP
              2024-12-16T07:24:12.852775+010020331321Malware Command and Control Activity Detected192.168.2.1050030167.71.56.11622764TCP
              2024-12-16T07:24:15.248400+010020331321Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:24:17.622155+010020331321Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:20.010521+010020331321Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:22.370924+010020331321Malware Command and Control Activity Detected192.168.2.1050034167.71.56.11622764TCP
              2024-12-16T07:24:24.756923+010020331321Malware Command and Control Activity Detected192.168.2.1050035167.71.56.11622764TCP
              2024-12-16T07:24:27.103443+010020331321Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:29.462208+010020331321Malware Command and Control Activity Detected192.168.2.1050037167.71.56.11622764TCP
              2024-12-16T07:24:31.806118+010020331321Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:34.153669+010020331321Malware Command and Control Activity Detected192.168.2.1050039167.71.56.11622764TCP
              2024-12-16T07:24:36.495757+010020331321Malware Command and Control Activity Detected192.168.2.1050040167.71.56.11622764TCP
              2024-12-16T07:24:38.837052+010020331321Malware Command and Control Activity Detected192.168.2.1050041167.71.56.11622764TCP
              2024-12-16T07:24:41.165206+010020331321Malware Command and Control Activity Detected192.168.2.1050042167.71.56.11622764TCP
              2024-12-16T07:24:43.645053+010020331321Malware Command and Control Activity Detected192.168.2.1050043167.71.56.11622764TCP
              2024-12-16T07:24:48.836841+010020331321Malware Command and Control Activity Detected192.168.2.1050044167.71.56.11622764TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-16T07:21:00.886438+010028255641Malware Command and Control Activity Detected192.168.2.1049705167.71.56.11622764TCP
              2024-12-16T07:21:09.026848+010028255641Malware Command and Control Activity Detected192.168.2.1049707167.71.56.11622764TCP
              2024-12-16T07:21:32.401798+010028255641Malware Command and Control Activity Detected192.168.2.1049712167.71.56.11622764TCP
              2024-12-16T07:21:44.995589+010028255641Malware Command and Control Activity Detected192.168.2.1049716167.71.56.11622764TCP
              2024-12-16T07:21:49.261603+010028255641Malware Command and Control Activity Detected192.168.2.1049718167.71.56.11622764TCP
              2024-12-16T07:21:56.371345+010028255641Malware Command and Control Activity Detected192.168.2.1049739167.71.56.11622764TCP
              2024-12-16T07:21:56.495622+010028255641Malware Command and Control Activity Detected192.168.2.1049739167.71.56.11622764TCP
              2024-12-16T07:21:56.806745+010028255641Malware Command and Control Activity Detected192.168.2.1049739167.71.56.11622764TCP
              2024-12-16T07:21:57.646190+010028255641Malware Command and Control Activity Detected192.168.2.1049739167.71.56.11622764TCP
              2024-12-16T07:22:00.897206+010028255641Malware Command and Control Activity Detected192.168.2.1049750167.71.56.11622764TCP
              2024-12-16T07:22:05.609385+010028255641Malware Command and Control Activity Detected192.168.2.1049761167.71.56.11622764TCP
              2024-12-16T07:22:10.731334+010028255641Malware Command and Control Activity Detected192.168.2.1049772167.71.56.11622764TCP
              2024-12-16T07:22:13.701358+010028255641Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:13.821901+010028255641Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:13.942258+010028255641Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:14.182071+010028255641Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:14.302287+010028255641Malware Command and Control Activity Detected192.168.2.1049783167.71.56.11622764TCP
              2024-12-16T07:22:17.739105+010028255641Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:22:18.700098+010028255641Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:22:18.820035+010028255641Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:22:18.940057+010028255641Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:22:21.668936+010028255641Malware Command and Control Activity Detected192.168.2.1049804167.71.56.11622764TCP
              2024-12-16T07:22:22.636613+010028255641Malware Command and Control Activity Detected192.168.2.1049804167.71.56.11622764TCP
              2024-12-16T07:22:24.825929+010028255641Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:22:24.945952+010028255641Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:22:26.507872+010028255641Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:22:26.627650+010028255641Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:22:28.459864+010028255641Malware Command and Control Activity Detected192.168.2.1049822167.71.56.11622764TCP
              2024-12-16T07:22:29.302221+010028255641Malware Command and Control Activity Detected192.168.2.1049822167.71.56.11622764TCP
              2024-12-16T07:22:29.422905+010028255641Malware Command and Control Activity Detected192.168.2.1049822167.71.56.11622764TCP
              2024-12-16T07:22:32.341755+010028255641Malware Command and Control Activity Detected192.168.2.1049832167.71.56.11622764TCP
              2024-12-16T07:22:33.180690+010028255641Malware Command and Control Activity Detected192.168.2.1049832167.71.56.11622764TCP
              2024-12-16T07:22:35.494668+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:36.214300+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:36.334033+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:36.453811+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:36.573689+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:36.749505+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:36.869488+010028255641Malware Command and Control Activity Detected192.168.2.1049839167.71.56.11622764TCP
              2024-12-16T07:22:39.447790+010028255641Malware Command and Control Activity Detected192.168.2.1049850167.71.56.11622764TCP
              2024-12-16T07:22:39.567571+010028255641Malware Command and Control Activity Detected192.168.2.1049850167.71.56.11622764TCP
              2024-12-16T07:22:39.944015+010028255641Malware Command and Control Activity Detected192.168.2.1049850167.71.56.11622764TCP
              2024-12-16T07:22:40.423309+010028255641Malware Command and Control Activity Detected192.168.2.1049850167.71.56.11622764TCP
              2024-12-16T07:22:42.558409+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:42.678199+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:42.889436+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:43.009402+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:43.297478+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:43.418626+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:43.904689+010028255641Malware Command and Control Activity Detected192.168.2.1049856167.71.56.11622764TCP
              2024-12-16T07:22:45.593482+010028255641Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:45.713332+010028255641Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:45.833028+010028255641Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:45.993533+010028255641Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:46.844548+010028255641Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:46.964550+010028255641Malware Command and Control Activity Detected192.168.2.1049867167.71.56.11622764TCP
              2024-12-16T07:22:49.009113+010028255641Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:22:49.609284+010028255641Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:22:49.849466+010028255641Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:22:49.969446+010028255641Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:22:51.516167+010028255641Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:22:51.636147+010028255641Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:22:52.484081+010028255641Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:22:53.425484+010028255641Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:22:55.071841+010028255641Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:22:56.151980+010028255641Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:22:56.271918+010028255641Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:22:56.391792+010028255641Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:22:58.441356+010028255641Malware Command and Control Activity Detected192.168.2.1049896167.71.56.11622764TCP
              2024-12-16T07:22:59.402412+010028255641Malware Command and Control Activity Detected192.168.2.1049896167.71.56.11622764TCP
              2024-12-16T07:23:00.935187+010028255641Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:23:01.175331+010028255641Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:23:01.340483+010028255641Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:23:02.182361+010028255641Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:23:03.514906+010028255641Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:03.875020+010028255641Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:03.995035+010028255641Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:04.837801+010028255641Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:05.317263+010028255641Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:23:06.634363+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:06.874244+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:06.994641+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:07.114992+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:07.354908+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:07.834615+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:07.954532+010028255641Malware Command and Control Activity Detected192.168.2.1049919167.71.56.11622764TCP
              2024-12-16T07:23:09.772849+010028255641Malware Command and Control Activity Detected192.168.2.1049929167.71.56.11622764TCP
              2024-12-16T07:23:12.452503+010028255641Malware Command and Control Activity Detected192.168.2.1049935167.71.56.11622764TCP
              2024-12-16T07:23:12.572359+010028255641Malware Command and Control Activity Detected192.168.2.1049935167.71.56.11622764TCP
              2024-12-16T07:23:13.566176+010028255641Malware Command and Control Activity Detected192.168.2.1049935167.71.56.11622764TCP
              2024-12-16T07:23:13.686250+010028255641Malware Command and Control Activity Detected192.168.2.1049935167.71.56.11622764TCP
              2024-12-16T07:23:14.858119+010028255641Malware Command and Control Activity Detected192.168.2.1049941167.71.56.11622764TCP
              2024-12-16T07:23:15.342029+010028255641Malware Command and Control Activity Detected192.168.2.1049941167.71.56.11622764TCP
              2024-12-16T07:23:16.486441+010028255641Malware Command and Control Activity Detected192.168.2.1049941167.71.56.11622764TCP
              2024-12-16T07:23:16.606548+010028255641Malware Command and Control Activity Detected192.168.2.1049941167.71.56.11622764TCP
              2024-12-16T07:23:17.592759+010028255641Malware Command and Control Activity Detected192.168.2.1049947167.71.56.11622764TCP
              2024-12-16T07:23:18.073612+010028255641Malware Command and Control Activity Detected192.168.2.1049947167.71.56.11622764TCP
              2024-12-16T07:23:18.933831+010028255641Malware Command and Control Activity Detected192.168.2.1049947167.71.56.11622764TCP
              2024-12-16T07:23:20.794248+010028255641Malware Command and Control Activity Detected192.168.2.1049958167.71.56.11622764TCP
              2024-12-16T07:23:23.595590+010028255641Malware Command and Control Activity Detected192.168.2.1049964167.71.56.11622764TCP
              2024-12-16T07:23:24.075950+010028255641Malware Command and Control Activity Detected192.168.2.1049964167.71.56.11622764TCP
              2024-12-16T07:23:24.557204+010028255641Malware Command and Control Activity Detected192.168.2.1049964167.71.56.11622764TCP
              2024-12-16T07:23:25.642753+010028255641Malware Command and Control Activity Detected192.168.2.1049970167.71.56.11622764TCP
              2024-12-16T07:23:26.514981+010028255641Malware Command and Control Activity Detected192.168.2.1049970167.71.56.11622764TCP
              2024-12-16T07:23:27.357398+010028255641Malware Command and Control Activity Detected192.168.2.1049970167.71.56.11622764TCP
              2024-12-16T07:23:29.121619+010028255641Malware Command and Control Activity Detected192.168.2.1049976167.71.56.11622764TCP
              2024-12-16T07:23:31.480718+010028255641Malware Command and Control Activity Detected192.168.2.1049987167.71.56.11622764TCP
              2024-12-16T07:23:31.600953+010028255641Malware Command and Control Activity Detected192.168.2.1049987167.71.56.11622764TCP
              2024-12-16T07:23:32.320468+010028255641Malware Command and Control Activity Detected192.168.2.1049987167.71.56.11622764TCP
              2024-12-16T07:23:34.294856+010028255641Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:34.655345+010028255641Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:35.257162+010028255641Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:36.172358+010028255641Malware Command and Control Activity Detected192.168.2.1049999167.71.56.11622764TCP
              2024-12-16T07:23:37.491833+010028255641Malware Command and Control Activity Detected192.168.2.1049999167.71.56.11622764TCP
              2024-12-16T07:23:38.609795+010028255641Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:38.730089+010028255641Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:38.850114+010028255641Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:39.331961+010028255641Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:40.300352+010028255641Malware Command and Control Activity Detected192.168.2.1050005167.71.56.11622764TCP
              2024-12-16T07:23:41.260021+010028255641Malware Command and Control Activity Detected192.168.2.1050011167.71.56.11622764TCP
              2024-12-16T07:23:41.622084+010028255641Malware Command and Control Activity Detected192.168.2.1050011167.71.56.11622764TCP
              2024-12-16T07:23:42.943995+010028255641Malware Command and Control Activity Detected192.168.2.1050011167.71.56.11622764TCP
              2024-12-16T07:23:43.796704+010028255641Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:23:43.916820+010028255641Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:23:44.339718+010028255641Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:23:44.819908+010028255641Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:23:46.417678+010028255641Malware Command and Control Activity Detected192.168.2.1050019167.71.56.11622764TCP
              2024-12-16T07:23:46.537525+010028255641Malware Command and Control Activity Detected192.168.2.1050019167.71.56.11622764TCP
              2024-12-16T07:23:46.657354+010028255641Malware Command and Control Activity Detected192.168.2.1050019167.71.56.11622764TCP
              2024-12-16T07:23:46.923578+010028255641Malware Command and Control Activity Detected192.168.2.1050019167.71.56.11622764TCP
              2024-12-16T07:23:49.021966+010028255641Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:49.269682+010028255641Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:49.392581+010028255641Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:49.634559+010028255641Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:50.479098+010028255641Malware Command and Control Activity Detected192.168.2.1050020167.71.56.11622764TCP
              2024-12-16T07:23:51.396806+010028255641Malware Command and Control Activity Detected192.168.2.1050021167.71.56.11622764TCP
              2024-12-16T07:23:52.368226+010028255641Malware Command and Control Activity Detected192.168.2.1050021167.71.56.11622764TCP
              2024-12-16T07:23:54.113619+010028255641Malware Command and Control Activity Detected192.168.2.1050022167.71.56.11622764TCP
              2024-12-16T07:23:54.954402+010028255641Malware Command and Control Activity Detected192.168.2.1050022167.71.56.11622764TCP
              2024-12-16T07:23:56.856148+010028255641Malware Command and Control Activity Detected192.168.2.1050023167.71.56.11622764TCP
              2024-12-16T07:23:57.701914+010028255641Malware Command and Control Activity Detected192.168.2.1050023167.71.56.11622764TCP
              2024-12-16T07:23:58.693682+010028255641Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:23:59.654483+010028255641Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:23:59.774338+010028255641Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:23:59.894820+010028255641Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:24:00.014678+010028255641Malware Command and Control Activity Detected192.168.2.1050024167.71.56.11622764TCP
              2024-12-16T07:24:01.984862+010028255641Malware Command and Control Activity Detected192.168.2.1050025167.71.56.11622764TCP
              2024-12-16T07:24:02.584657+010028255641Malware Command and Control Activity Detected192.168.2.1050025167.71.56.11622764TCP
              2024-12-16T07:24:02.707096+010028255641Malware Command and Control Activity Detected192.168.2.1050025167.71.56.11622764TCP
              2024-12-16T07:24:03.452869+010028255641Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:03.572756+010028255641Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:04.046943+010028255641Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:04.411960+010028255641Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:05.260292+010028255641Malware Command and Control Activity Detected192.168.2.1050026167.71.56.11622764TCP
              2024-12-16T07:24:06.098137+010028255641Malware Command and Control Activity Detected192.168.2.1050027167.71.56.11622764TCP
              2024-12-16T07:24:06.936975+010028255641Malware Command and Control Activity Detected192.168.2.1050027167.71.56.11622764TCP
              2024-12-16T07:24:08.698240+010028255641Malware Command and Control Activity Detected192.168.2.1050028167.71.56.11622764TCP
              2024-12-16T07:24:10.703989+010028255641Malware Command and Control Activity Detected192.168.2.1050029167.71.56.11622764TCP
              2024-12-16T07:24:10.824434+010028255641Malware Command and Control Activity Detected192.168.2.1050029167.71.56.11622764TCP
              2024-12-16T07:24:11.386056+010028255641Malware Command and Control Activity Detected192.168.2.1050029167.71.56.11622764TCP
              2024-12-16T07:24:13.580439+010028255641Malware Command and Control Activity Detected192.168.2.1050030167.71.56.11622764TCP
              2024-12-16T07:24:14.642346+010028255641Malware Command and Control Activity Detected192.168.2.1050030167.71.56.11622764TCP
              2024-12-16T07:24:15.120310+010028255641Malware Command and Control Activity Detected192.168.2.1050030167.71.56.11622764TCP
              2024-12-16T07:24:15.487967+010028255641Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:24:15.849016+010028255641Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:24:16.448902+010028255641Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:24:17.288594+010028255641Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:24:18.271743+010028255641Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:18.391590+010028255641Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:18.992454+010028255641Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:19.112699+010028255641Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:19.886395+010028255641Malware Command and Control Activity Detected192.168.2.1050032167.71.56.11622764TCP
              2024-12-16T07:24:20.251247+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:20.443271+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:20.563187+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:21.132991+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:21.252784+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:21.372461+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:21.492272+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:22.246267+010028255641Malware Command and Control Activity Detected192.168.2.1050033167.71.56.11622764TCP
              2024-12-16T07:24:23.090477+010028255641Malware Command and Control Activity Detected192.168.2.1050034167.71.56.11622764TCP
              2024-12-16T07:24:25.236411+010028255641Malware Command and Control Activity Detected192.168.2.1050035167.71.56.11622764TCP
              2024-12-16T07:24:25.447711+010028255641Malware Command and Control Activity Detected192.168.2.1050035167.71.56.11622764TCP
              2024-12-16T07:24:25.732901+010028255641Malware Command and Control Activity Detected192.168.2.1050035167.71.56.11622764TCP
              2024-12-16T07:24:25.852730+010028255641Malware Command and Control Activity Detected192.168.2.1050035167.71.56.11622764TCP
              2024-12-16T07:24:27.365678+010028255641Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:27.846185+010028255641Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:27.993642+010028255641Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:28.323712+010028255641Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:28.460596+010028255641Malware Command and Control Activity Detected192.168.2.1050036167.71.56.11622764TCP
              2024-12-16T07:24:30.544750+010028255641Malware Command and Control Activity Detected192.168.2.1050037167.71.56.11622764TCP
              2024-12-16T07:24:30.664722+010028255641Malware Command and Control Activity Detected192.168.2.1050037167.71.56.11622764TCP
              2024-12-16T07:24:31.092143+010028255641Malware Command and Control Activity Detected192.168.2.1050037167.71.56.11622764TCP
              2024-12-16T07:24:31.682935+010028255641Malware Command and Control Activity Detected192.168.2.1050037167.71.56.11622764TCP
              2024-12-16T07:24:32.046113+010028255641Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:33.275586+010028255641Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:33.395490+010028255641Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:33.818169+010028255641Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:34.026351+010028255641Malware Command and Control Activity Detected192.168.2.1050038167.71.56.11622764TCP
              2024-12-16T07:24:39.316683+010028255641Malware Command and Control Activity Detected192.168.2.1050041167.71.56.11622764TCP
              2024-12-16T07:24:40.106740+010028255641Malware Command and Control Activity Detected192.168.2.1050041167.71.56.11622764TCP
              2024-12-16T07:24:40.226914+010028255641Malware Command and Control Activity Detected192.168.2.1050041167.71.56.11622764TCP
              2024-12-16T07:24:40.559535+010028255641Malware Command and Control Activity Detected192.168.2.1050041167.71.56.11622764TCP
              2024-12-16T07:24:42.128448+010028255641Malware Command and Control Activity Detected192.168.2.1050042167.71.56.11622764TCP
              2024-12-16T07:24:42.248215+010028255641Malware Command and Control Activity Detected192.168.2.1050042167.71.56.11622764TCP
              2024-12-16T07:24:44.207339+010028255641Malware Command and Control Activity Detected192.168.2.1050043167.71.56.11622764TCP
              2024-12-16T07:24:44.327249+010028255641Malware Command and Control Activity Detected192.168.2.1050043167.71.56.11622764TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-16T07:20:55.515194+010028255631Malware Command and Control Activity Detected192.168.2.1049704167.71.56.11622764TCP
              2024-12-16T07:20:59.650567+010028255631Malware Command and Control Activity Detected192.168.2.1049705167.71.56.11622764TCP
              2024-12-16T07:21:04.556324+010028255631Malware Command and Control Activity Detected192.168.2.1049706167.71.56.11622764TCP
              2024-12-16T07:21:08.848338+010028255631Malware Command and Control Activity Detected192.168.2.1049707167.71.56.11622764TCP
              2024-12-16T07:21:13.147958+010028255631Malware Command and Control Activity Detected192.168.2.1049708167.71.56.11622764TCP
              2024-12-16T07:21:17.458139+010028255631Malware Command and Control Activity Detected192.168.2.1049709167.71.56.11622764TCP
              2024-12-16T07:21:21.770095+010028255631Malware Command and Control Activity Detected192.168.2.1049710167.71.56.11622764TCP
              2024-12-16T07:21:26.068304+010028255631Malware Command and Control Activity Detected192.168.2.1049711167.71.56.11622764TCP
              2024-12-16T07:21:30.365965+010028255631Malware Command and Control Activity Detected192.168.2.1049712167.71.56.11622764TCP
              2024-12-16T07:21:34.664749+010028255631Malware Command and Control Activity Detected192.168.2.1049714167.71.56.11622764TCP
              2024-12-16T07:21:38.958450+010028255631Malware Command and Control Activity Detected192.168.2.1049715167.71.56.11622764TCP
              2024-12-16T07:21:43.267795+010028255631Malware Command and Control Activity Detected192.168.2.1049716167.71.56.11622764TCP
              2024-12-16T07:21:47.568274+010028255631Malware Command and Control Activity Detected192.168.2.1049718167.71.56.11622764TCP
              2024-12-16T07:23:33.333119+010028255631Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:43.535648+010028255631Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:24:48.956801+010028255631Malware Command and Control Activity Detected192.168.2.1050044167.71.56.11622764TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050021167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049804167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049970167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049896167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050030167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049890167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050025167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049772167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050040167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050039167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049947167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049811167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050034167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049822167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050043167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050027167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049929167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049964167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049907167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050011167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049881167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049913167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050031167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049987167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049958167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049794167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050022167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049873167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049761167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1050023167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049750167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049999167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049976167.71.56.11622764TCP
              2024-12-16T07:20:39.042367+010028148601Malware Command and Control Activity Detected192.168.2.1049832167.71.56.11622764TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-16T07:20:55.515194+010028384861Malware Command and Control Activity Detected192.168.2.1049704167.71.56.11622764TCP
              2024-12-16T07:20:59.650567+010028384861Malware Command and Control Activity Detected192.168.2.1049705167.71.56.11622764TCP
              2024-12-16T07:21:04.556324+010028384861Malware Command and Control Activity Detected192.168.2.1049706167.71.56.11622764TCP
              2024-12-16T07:21:08.848338+010028384861Malware Command and Control Activity Detected192.168.2.1049707167.71.56.11622764TCP
              2024-12-16T07:21:13.147958+010028384861Malware Command and Control Activity Detected192.168.2.1049708167.71.56.11622764TCP
              2024-12-16T07:21:17.458139+010028384861Malware Command and Control Activity Detected192.168.2.1049709167.71.56.11622764TCP
              2024-12-16T07:21:21.770095+010028384861Malware Command and Control Activity Detected192.168.2.1049710167.71.56.11622764TCP
              2024-12-16T07:21:26.068304+010028384861Malware Command and Control Activity Detected192.168.2.1049711167.71.56.11622764TCP
              2024-12-16T07:21:30.365965+010028384861Malware Command and Control Activity Detected192.168.2.1049712167.71.56.11622764TCP
              2024-12-16T07:21:34.664749+010028384861Malware Command and Control Activity Detected192.168.2.1049714167.71.56.11622764TCP
              2024-12-16T07:21:38.958450+010028384861Malware Command and Control Activity Detected192.168.2.1049715167.71.56.11622764TCP
              2024-12-16T07:21:43.267795+010028384861Malware Command and Control Activity Detected192.168.2.1049716167.71.56.11622764TCP
              2024-12-16T07:21:47.568274+010028384861Malware Command and Control Activity Detected192.168.2.1049718167.71.56.11622764TCP
              2024-12-16T07:23:33.333119+010028384861Malware Command and Control Activity Detected192.168.2.1049993167.71.56.11622764TCP
              2024-12-16T07:23:43.535648+010028384861Malware Command and Control Activity Detected192.168.2.1050017167.71.56.11622764TCP
              2024-12-16T07:24:48.956801+010028384861Malware Command and Control Activity Detected192.168.2.1050044167.71.56.11622764TCP

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Source: njrat.exeAvira: detected
              Source: C:\rundll32.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
              Source: C:\Windows\rundll32.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
              Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Njrat {"Host": "167.71.56.116", "Port": "22764", "Version": "im523", "Campaign ID": "school", "Install Name": "rundll32.exe", "Install Dir": "WinDir"}
              Source: C:\Windows\rundll32.exeReversingLabs: Detection: 94%
              Source: C:\rundll32.exeReversingLabs: Detection: 94%
              Source: njrat.exeReversingLabs: Detection: 94%
              Source: Yara matchFile source: njrat.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: njrat.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: C:\rundll32.exe, type: DROPPED
              Source: Yara matchFile source: C:\Windows\rundll32.exe, type: DROPPED
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\rundll32.exeJoe Sandbox ML: detected
              Source: C:\Windows\rundll32.exeJoe Sandbox ML: detected
              Source: njrat.exeJoe Sandbox ML: detected
              Source: njrat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Users\user\Desktop\njrat.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
              Source: njrat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Spreading

              barindex
              Source: C:\Windows\rundll32.exeFile created: C:\autorun.infJump to behavior
              Source: njrat.exe, 00000000.00000002.1628891032.0000000002C81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
              Source: njrat.exe, 00000000.00000002.1628891032.0000000002C81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
              Source: njrat.exe, 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
              Source: njrat.exe, 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003203000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003203000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
              Source: njrat.exeBinary or memory string: autorun.inf
              Source: njrat.exeBinary or memory string: [autorun]
              Source: autorun.inf.2.drBinary or memory string: [autorun]
              Source: rundll32.exe.2.drBinary or memory string: autorun.inf
              Source: rundll32.exe.2.drBinary or memory string: [autorun]
              Source: rundll32.exe.0.drBinary or memory string: autorun.inf
              Source: rundll32.exe.0.drBinary or memory string: [autorun]

              Networking

              barindex
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49709 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49716 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49716 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49714 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49712 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49709 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49714 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49705 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49708 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49715 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49708 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49715 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49709 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49709 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49712 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49705 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49714 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49715 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49706 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49706 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49715 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49704 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49704 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49714 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49712 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49708 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49712 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49706 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49708 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49707 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49729 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49705 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49705 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49706 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49712 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49704 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49716 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49704 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49705 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49729 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49711 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49711 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49711 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49716 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49716 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49750 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49711 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49750 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49750 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49761 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49761 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49739 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49794 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49794 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49783 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49783 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49761 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49739 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49739 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49794 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49783 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49839 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49839 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49832 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49832 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49811 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49850 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49850 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49811 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49811 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49804 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49832 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49718 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49850 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49707 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49804 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49839 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49718 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49867 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49804 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49896 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49896 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49896 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49867 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49890 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49890 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49867 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49890 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49707 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49718 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49718 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49710 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49718 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49907 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49707 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49907 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49707 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49856 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49710 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49856 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49710 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49710 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49941 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49772 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49873 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49907 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49941 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49873 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49856 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49873 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49822 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49822 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49772 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49941 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49822 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49964 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49970 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49964 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49970 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49970 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49935 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49935 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49935 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49993 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49993 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49881 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49881 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49913 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49999 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49772 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49999 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49976 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49976 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49999 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49947 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49993 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49881 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49913 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49993 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49913 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49976 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49993 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50023 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50019 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50025 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50025 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50024 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49919 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50024 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49919 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50022 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50025 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50022 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49947 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50017 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50022 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49964 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50017 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50024 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:50017 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50026 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50019 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50027 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:50017 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49919 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50026 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50017 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50019 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50026 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50033 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50034 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50031 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50033 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50027 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50020 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50020 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50030 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50033 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50028 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50030 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50020 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50031 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50027 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50031 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50035 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50035 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50023 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50023 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50038 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50038 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50028 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50038 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50028 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49947 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50032 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50032 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50044 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50035 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50030 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50032 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50034 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50043 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50042 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50042 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49958 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50043 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50042 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50034 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50011 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50040 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50040 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50044 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49958 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49929 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50011 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49929 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50043 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50011 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49958 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49929 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50037 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50037 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:50044 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:50044 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50041 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50041 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50036 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50036 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50037 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50029 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50029 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50041 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50029 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50036 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49987 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49987 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49987 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50005 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50005 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50005 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50021 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50021 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:50021 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:50039 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:50039 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50021 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49804 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49970 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49896 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50030 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49890 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50025 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49772 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50040 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50039 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49947 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49811 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50034 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49822 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50043 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50027 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49929 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49964 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49907 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50011 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49881 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49913 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50031 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49987 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49993 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49958 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49794 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50022 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49873 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49761 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:50023 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49750 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49999 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49976 -> 167.71.56.116:22764
              Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.10:49832 -> 167.71.56.116:22764
              Source: C:\Windows\rundll32.exeNetwork Connect: 167.71.56.116 22764Jump to behavior
              Source: Malware configuration extractorIPs: 167.71.56.116
              Source: global trafficTCP traffic: 192.168.2.10:49704 -> 167.71.56.116:22764
              Source: Joe Sandbox ViewIP Address: 167.71.56.116 167.71.56.116
              Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: unknownTCP traffic detected without corresponding DNS query: 167.71.56.116
              Source: njrat.exe, rundll32.exe.2.dr, rundll32.exe.0.drString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              barindex
              Source: njrat.exe, kl.cs.Net Code: VKCodeToUnicode
              Source: rundll32.exe.0.dr, kl.cs.Net Code: VKCodeToUnicode
              Source: rundll32.exe.2.dr, kl.cs.Net Code: VKCodeToUnicode

              E-Banking Fraud

              barindex
              Source: Yara matchFile source: njrat.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: njrat.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: C:\rundll32.exe, type: DROPPED
              Source: Yara matchFile source: C:\Windows\rundll32.exe, type: DROPPED

              Operating System Destruction

              barindex
              Source: C:\Windows\rundll32.exeProcess information set: 01 00 00 00 Jump to behavior

              System Summary

              barindex
              Source: njrat.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: njrat.exe, type: SAMPLEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: njrat.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\rundll32.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\rundll32.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\rundll32.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\Windows\rundll32.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
              Source: C:\Windows\rundll32.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
              Source: C:\Windows\rundll32.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
              Source: C:\Windows\rundll32.exeProcess Stats: CPU usage > 49%
              Source: C:\Windows\rundll32.exeCode function: 2_2_0117BEF2 NtSetInformationProcess,2_2_0117BEF2
              Source: C:\Windows\rundll32.exeCode function: 2_2_0117BED0 NtSetInformationProcess,2_2_0117BED0
              Source: C:\Windows\rundll32.exeCode function: 2_2_02BB01C2 NtQuerySystemInformation,2_2_02BB01C2
              Source: C:\Windows\rundll32.exeCode function: 2_2_02BB0187 NtQuerySystemInformation,2_2_02BB0187
              Source: C:\Users\user\Desktop\njrat.exeFile created: C:\Windows\rundll32.exeJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeFile created: C:\Windows\rundll32.exe\:Zone.Identifier:$DATAJump to behavior
              Source: njrat.exe, 00000000.00000002.1627803724.0000000000BFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs njrat.exe
              Source: njrat.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: njrat.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: njrat.exe, type: SAMPLEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: njrat.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: C:\rundll32.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: C:\rundll32.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: C:\rundll32.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: C:\Windows\rundll32.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
              Source: C:\Windows\rundll32.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
              Source: C:\Windows\rundll32.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
              Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winEXE@9/8@0/1
              Source: C:\Windows\rundll32.exeCode function: 2_2_0117BBA2 AdjustTokenPrivileges,2_2_0117BBA2
              Source: C:\Windows\rundll32.exeCode function: 2_2_0117BB6B AdjustTokenPrivileges,2_2_0117BB6B
              Source: C:\Users\user\Desktop\njrat.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\njrat.exe.logJump to behavior
              Source: C:\Windows\rundll32.exeMutant created: NULL
              Source: C:\Windows\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\872de6721af0b6833a743205be97e089
              Source: C:\Windows\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6168:120:WilError_03
              Source: njrat.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: njrat.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              Source: C:\Users\user\Desktop\njrat.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe"
              Source: njrat.exeReversingLabs: Detection: 94%
              Source: C:\Users\user\Desktop\njrat.exeFile read: C:\Users\user\Desktop\njrat.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\njrat.exe "C:\Users\user\Desktop\njrat.exe"
              Source: C:\Users\user\Desktop\njrat.exeProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe"
              Source: C:\Windows\rundll32.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\rundll32.exe" "rundll32.exe" ENABLE
              Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe" ..
              Source: unknownProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe" ..
              Source: unknownProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe" ..
              Source: C:\Users\user\Desktop\njrat.exeProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe" Jump to behavior
              Source: C:\Windows\rundll32.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\rundll32.exe" "rundll32.exe" ENABLEJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32Jump to behavior
              Source: C:\Windows\rundll32.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
              Source: njrat.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: C:\Users\user\Desktop\njrat.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
              Source: njrat.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

              Data Obfuscation

              barindex
              Source: njrat.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: rundll32.exe.0.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: rundll32.exe.2.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
              Source: C:\Users\user\Desktop\njrat.exeCode function: 0_2_00FF0FE0 push ecx; iretd 0_2_00FF0FE4

              Persistence and Installation Behavior

              barindex
              Source: C:\Users\user\Desktop\njrat.exeExecutable created and started: C:\Windows\rundll32.exeJump to behavior
              Source: C:\Windows\rundll32.exeFile created: C:\rundll32.exeJump to dropped file
              Source: C:\Users\user\Desktop\njrat.exeFile created: C:\Windows\rundll32.exeJump to dropped file
              Source: C:\Users\user\Desktop\njrat.exeFile created: C:\Windows\rundll32.exeJump to dropped file

              Boot Survival

              barindex
              Source: C:\Windows\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089Jump to behavior
              Source: C:\Windows\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089Jump to behavior
              Source: C:\Windows\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089Jump to behavior
              Source: C:\Windows\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089Jump to behavior
              Source: C:\Windows\rundll32.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089Jump to behavior
              Source: C:\Windows\rundll32.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089Jump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\rundll32.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\njrat.exeMemory allocated: 1010000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeMemory allocated: 2C80000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeMemory allocated: 4C80000 memory commit | memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\njrat.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\rundll32.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\rundll32.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\rundll32.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\rundll32.exeWindow / User API: threadDelayed 3220Jump to behavior
              Source: C:\Windows\rundll32.exeWindow / User API: threadDelayed 777Jump to behavior
              Source: C:\Windows\rundll32.exeWindow / User API: threadDelayed 4360Jump to behavior
              Source: C:\Windows\rundll32.exeWindow / User API: foregroundWindowGot 440Jump to behavior
              Source: C:\Windows\rundll32.exeWindow / User API: foregroundWindowGot 1266Jump to behavior
              Source: C:\Users\user\Desktop\njrat.exe TID: 5024Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\rundll32.exe TID: 6816Thread sleep time: -777000s >= -30000sJump to behavior
              Source: C:\Windows\rundll32.exe TID: 6816Thread sleep time: -4360000s >= -30000sJump to behavior
              Source: C:\Windows\rundll32.exe TID: 5576Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\rundll32.exe TID: 6368Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\rundll32.exe TID: 3648Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\njrat.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\rundll32.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\rundll32.exeThread delayed: delay time: 922337203685477
              Source: C:\Windows\rundll32.exeThread delayed: delay time: 922337203685477
              Source: rundll32.exe, 00000002.00000002.4024884411.00000000010DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: rundll32.exe, 00000002.00000002.4024884411.00000000010DC000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1698395183.0000000000A61000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\njrat.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Source: C:\Windows\rundll32.exeNetwork Connect: 167.71.56.116 22764Jump to behavior
              Source: njrat.exe, kl.csReference to suspicious API methods: MapVirtualKey(a, 0u)
              Source: njrat.exe, kl.csReference to suspicious API methods: GetAsyncKeyState(num2)
              Source: njrat.exe, OK.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
              Source: C:\Users\user\Desktop\njrat.exeProcess created: C:\Windows\rundll32.exe "C:\Windows\rundll32.exe" Jump to behavior
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerx<
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.dl(Xr
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003517000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003203000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.dl4o
              Source: rundll32.exe, 00000002.00000002.4027999538.00000000035B3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerx<
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003517000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003203000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9dl
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003517000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003203000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.dl
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000002.00000002.4027999538.0000000003203000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program manager
              Source: rundll32.exe, 00000002.00000002.4027999538.0000000003367000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.dld
              Source: rundll32.exe, 00000002.00000002.4024218280.000000000108C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Rh Program Manager<
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

              Lowering of HIPS / PFW / Operating System Security Settings

              barindex
              Source: C:\Windows\rundll32.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\rundll32.exe" "rundll32.exe" ENABLE
              Source: C:\Windows\rundll32.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Windows\rundll32.exe" "rundll32.exe" ENABLE

              Stealing of Sensitive Information

              barindex
              Source: Yara matchFile source: njrat.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: njrat.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: C:\rundll32.exe, type: DROPPED
              Source: Yara matchFile source: C:\Windows\rundll32.exe, type: DROPPED

              Remote Access Functionality

              barindex
              Source: Yara matchFile source: njrat.exe, type: SAMPLE
              Source: Yara matchFile source: 0.0.njrat.exe.680000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: njrat.exe PID: 4124, type: MEMORYSTR
              Source: Yara matchFile source: C:\rundll32.exe, type: DROPPED
              Source: Yara matchFile source: C:\Windows\rundll32.exe, type: DROPPED
              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire Infrastructure11
              Replication Through Removable Media
              1
              Native API
              21
              Registry Run Keys / Startup Folder
              1
              Access Token Manipulation
              121
              Masquerading
              1
              Input Capture
              11
              Security Software Discovery
              Remote Services1
              Input Capture
              1
              Non-Standard Port
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job1
              DLL Side-Loading
              112
              Process Injection
              21
              Disable or Modify Tools
              LSASS Memory1
              Process Discovery
              Remote Desktop ProtocolData from Removable Media1
              Application Layer Protocol
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)21
              Registry Run Keys / Startup Folder
              31
              Virtualization/Sandbox Evasion
              Security Account Manager31
              Virtualization/Sandbox Evasion
              SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
              DLL Side-Loading
              1
              Access Token Manipulation
              NTDS1
              Application Window Discovery
              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script112
              Process Injection
              LSA Secrets1
              Peripheral Device Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Obfuscated Files or Information
              Cached Domain Credentials1
              File and Directory Discovery
              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              Rundll32
              DCSync12
              System Information Discovery
              Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
              Software Packing
              Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
              DLL Side-Loading
              /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 signatures2 2 Behavior Graph ID: 1575625 Sample: njrat.exe Startdate: 16/12/2024 Architecture: WINDOWS Score: 100 41 Suricata IDS alerts for network traffic 2->41 43 Found malware configuration 2->43 45 Malicious sample detected (through community Yara rule) 2->45 47 15 other signatures 2->47 8 njrat.exe 1 6 2->8         started        12 rundll32.exe 3 2->12         started        14 rundll32.exe 2->14         started        16 rundll32.exe 2->16         started        process3 file4 33 C:\Windows\rundll32.exe, PE32 8->33 dropped 35 C:\Windows\rundll32.exe:Zone.Identifier, ASCII 8->35 dropped 37 C:\Users\user\AppData\Local\...\njrat.exe.log, ASCII 8->37 dropped 57 Drops executables to the windows directory (C:\Windows) and starts them 8->57 18 rundll32.exe 2 9 8->18         started        signatures5 process6 dnsIp7 39 167.71.56.116, 22764, 49704, 49705 DIGITALOCEAN-ASNUS United States 18->39 27 C:\rundll32.exe, PE32 18->27 dropped 29 C:\rundll32.exe:Zone.Identifier, ASCII 18->29 dropped 31 C:\autorun.inf, Microsoft 18->31 dropped 49 Antivirus detection for dropped file 18->49 51 System process connects to network (likely due to code injection or exploit) 18->51 53 Multi AV Scanner detection for dropped file 18->53 55 7 other signatures 18->55 23 netsh.exe 2 18->23         started        file8 signatures9 process10 process11 25 conhost.exe 23->25         started       

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand
              SourceDetectionScannerLabelLink
              njrat.exe95%ReversingLabsByteCode-MSIL.Backdoor.njRAT
              njrat.exe100%AviraTR/ATRAPS.Gen
              njrat.exe100%Joe Sandbox ML
              SourceDetectionScannerLabelLink
              C:\rundll32.exe100%AviraTR/ATRAPS.Gen
              C:\Windows\rundll32.exe100%AviraTR/ATRAPS.Gen
              C:\rundll32.exe100%Joe Sandbox ML
              C:\Windows\rundll32.exe100%Joe Sandbox ML
              C:\Windows\rundll32.exe95%ReversingLabsByteCode-MSIL.Backdoor.njRAT
              C:\rundll32.exe95%ReversingLabsByteCode-MSIL.Backdoor.njRAT
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              No contacted domains info
              NameSourceMaliciousAntivirus DetectionReputation
              https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0njrat.exe, rundll32.exe.2.dr, rundll32.exe.0.drfalse
                high
                • No. of IPs < 25%
                • 25% < No. of IPs < 50%
                • 50% < No. of IPs < 75%
                • 75% < No. of IPs
                IPDomainCountryFlagASNASN NameMalicious
                167.71.56.116
                unknownUnited States
                14061DIGITALOCEAN-ASNUStrue
                Joe Sandbox version:41.0.0 Charoite
                Analysis ID:1575625
                Start date and time:2024-12-16 07:19:15 +01:00
                Joe Sandbox product:CloudBasic
                Overall analysis duration:0h 8m 18s
                Hypervisor based Inspection enabled:false
                Report type:full
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                Number of analysed new started processes analysed:12
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Sample name:njrat.exe
                Detection:MAL
                Classification:mal100.spre.troj.spyw.evad.winEXE@9/8@0/1
                EGA Information:
                • Successful, ratio: 100%
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 175
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Found application associated with file extension: .exe
                • Override analysis time to 240000 for current running targets taking high CPU consumption
                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.63
                • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.
                • VT rate limit hit for: njrat.exe
                TimeTypeDescription
                01:21:24API Interceptor310373x Sleep call for process: rundll32.exe modified
                07:20:51AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089 "C:\Windows\rundll32.exe" ..
                07:20:59AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089 "C:\Windows\rundll32.exe" ..
                07:21:07AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 872de6721af0b6833a743205be97e089 "C:\Windows\rundll32.exe" ..
                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                167.71.56.116lz3EbiqoK4.exeGet hashmaliciousQuasarBrowse
                  lz3EbiqoK4.exeGet hashmaliciousQuasarBrowse
                    SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exeGet hashmaliciousXWormBrowse
                      SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exeGet hashmaliciousXWormBrowse
                        X.exeGet hashmaliciousXWormBrowse
                          SecuriteInfo.com.Trojan.MulDrop23.34226.5725.23706.exeGet hashmaliciousXWormBrowse
                            WinScanGuard_v.2.1.batGet hashmaliciousQuasarBrowse
                              Shadow-Stealer.batGet hashmaliciousQuasarBrowse
                                OvA6x5v34G.exeGet hashmaliciousAsyncRATBrowse
                                  zUYpYikG7T.exeGet hashmaliciousnjRatBrowse
                                    No context
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    DIGITALOCEAN-ASNUShttp://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450Get hashmaliciousUnknownBrowse
                                    • 167.99.100.230
                                    1.elfGet hashmaliciousUnknownBrowse
                                    • 157.230.180.170
                                    arm6.elfGet hashmaliciousUnknownBrowse
                                    • 159.203.164.19
                                    m68k.elfGet hashmaliciousUnknownBrowse
                                    • 159.89.214.105
                                    armv5l.elfGet hashmaliciousMiraiBrowse
                                    • 167.175.208.40
                                    https://fsharetv.ioGet hashmaliciousUnknownBrowse
                                    • 104.248.224.96
                                    main_x86_64.elfGet hashmaliciousMiraiBrowse
                                    • 134.122.52.106
                                    main_x86.elfGet hashmaliciousMiraiBrowse
                                    • 134.122.52.106
                                    rebirth.arm5.elfGet hashmaliciousMirai, OkiruBrowse
                                    • 167.174.212.248
                                    FEDEX234598765.htmlGet hashmaliciousWinSearchAbuseBrowse
                                    • 68.183.112.81
                                    No context
                                    No context
                                    Process:C:\Users\user\Desktop\njrat.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:modified
                                    Size (bytes):525
                                    Entropy (8bit):5.259753436570609
                                    Encrypted:false
                                    SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                    MD5:260E01CC001F9C4643CA7A62F395D747
                                    SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                    SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                    SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                    Malicious:true
                                    Reputation:moderate, very likely benign file
                                    Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                    Process:C:\Windows\rundll32.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):525
                                    Entropy (8bit):5.259753436570609
                                    Encrypted:false
                                    SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                    MD5:260E01CC001F9C4643CA7A62F395D747
                                    SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                    SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                    SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                    Malicious:false
                                    Reputation:moderate, very likely benign file
                                    Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                    Process:C:\Users\user\Desktop\njrat.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):37888
                                    Entropy (8bit):5.574096498834187
                                    Encrypted:false
                                    SSDEEP:768:HXGD2mUbCv/cPDYjM/cA8rM+rMRa8NuEx2t:H2DSbW0rEMUAP+gRJNbx
                                    MD5:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    SHA1:C7C6C85FC26189CF4C68D45B5F8009A7A456497D
                                    SHA-256:D6471589756F94A0908A7EC9F0E0E98149882CE6C1CF3DA9852DC88FCC3D513D
                                    SHA-512:5701A107E8AF1C89574274C8B585DDD87AE88332284FC18090BBCCCF5D11B65486CCF70450D4451FEC7C75474A62518DD3C5E2BEDDA98487085276AC51D7AC0E
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Windows\rundll32.exe, Author: Joe Security
                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Windows\rundll32.exe, Author: unknown
                                    • Rule: njrat1, Description: Identify njRat, Source: C:\Windows\rundll32.exe, Author: Brian Wallace @botnet_hunter
                                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Windows\rundll32.exe, Author: ditekSHen
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 95%
                                    Reputation:low
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t~.`................................. ........@.. ....................................@.................................T...W.......@............................................................................ ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.
                                    Process:C:\Users\user\Desktop\njrat.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Windows\rundll32.exe
                                    File Type:Microsoft Windows Autorun file
                                    Category:dropped
                                    Size (bytes):51
                                    Entropy (8bit):4.379951872150053
                                    Encrypted:false
                                    SSDEEP:3:It1KV2MSL4A30x:e1K4kd
                                    MD5:76CD2CF9A91B0F8E9C64EEEB5B96F6B5
                                    SHA1:1AA533AD7D138C037D26EF86EAAB78CAC8A2C45B
                                    SHA-256:BEDB23DE84D310F7550A126DCC8C613718743F78D7EC908C999216417CA41642
                                    SHA-512:FE9594CE5DAD0EC3AA38BF2DA71233C645B9800057EF7E8C7A6B8F92BF8FB78742813334D241AE4C914FC27419E1020E2ECEF63FF860E9F7DE1CE2FAA7511C79
                                    Malicious:true
                                    Preview:[autorun]..open=C:\rundll32.exe..shellexecute=C:\..
                                    Process:C:\Windows\rundll32.exe
                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Category:dropped
                                    Size (bytes):37888
                                    Entropy (8bit):5.574096498834187
                                    Encrypted:false
                                    SSDEEP:768:HXGD2mUbCv/cPDYjM/cA8rM+rMRa8NuEx2t:H2DSbW0rEMUAP+gRJNbx
                                    MD5:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    SHA1:C7C6C85FC26189CF4C68D45B5F8009A7A456497D
                                    SHA-256:D6471589756F94A0908A7EC9F0E0E98149882CE6C1CF3DA9852DC88FCC3D513D
                                    SHA-512:5701A107E8AF1C89574274C8B585DDD87AE88332284FC18090BBCCCF5D11B65486CCF70450D4451FEC7C75474A62518DD3C5E2BEDDA98487085276AC51D7AC0E
                                    Malicious:true
                                    Yara Hits:
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\rundll32.exe, Author: Joe Security
                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\rundll32.exe, Author: unknown
                                    • Rule: njrat1, Description: Identify njRat, Source: C:\rundll32.exe, Author: Brian Wallace @botnet_hunter
                                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\rundll32.exe, Author: ditekSHen
                                    Antivirus:
                                    • Antivirus: Avira, Detection: 100%
                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                    • Antivirus: ReversingLabs, Detection: 95%
                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t~.`................................. ........@.. ....................................@.................................T...W.......@............................................................................ ............... ..H............text........ ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B........................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.
                                    Process:C:\Windows\rundll32.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):26
                                    Entropy (8bit):3.95006375643621
                                    Encrypted:false
                                    SSDEEP:3:ggPYV:rPYV
                                    MD5:187F488E27DB4AF347237FE461A079AD
                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                    Malicious:true
                                    Preview:[ZoneTransfer]....ZoneId=0
                                    Process:C:\Windows\SysWOW64\netsh.exe
                                    File Type:ASCII text, with CRLF line terminators
                                    Category:dropped
                                    Size (bytes):313
                                    Entropy (8bit):4.971939296804078
                                    Encrypted:false
                                    SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                    MD5:689E2126A85BF55121488295EE068FA1
                                    SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                    SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                    SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                    Malicious:false
                                    Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....
                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                    Entropy (8bit):5.574096498834187
                                    TrID:
                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                    • Windows Screen Saver (13104/52) 0.07%
                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                    File name:njrat.exe
                                    File size:37'888 bytes
                                    MD5:4699bec8cd50aa7f2cecf0df8f0c26a0
                                    SHA1:c7c6c85fc26189cf4c68d45b5f8009a7a456497d
                                    SHA256:d6471589756f94a0908a7ec9f0e0e98149882ce6c1cf3da9852dc88fcc3d513d
                                    SHA512:5701a107e8af1c89574274c8b585ddd87ae88332284fc18090bbcccf5d11b65486ccf70450d4451fec7c75474a62518dd3c5e2bedda98487085276ac51d7ac0e
                                    SSDEEP:768:HXGD2mUbCv/cPDYjM/cA8rM+rMRa8NuEx2t:H2DSbW0rEMUAP+gRJNbx
                                    TLSH:68033B4D7FE18168D5FD067B05B2D41207BAE04B6E23D91E8EF1649A37636C18B50EF2
                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t~.`................................. ........@.. ....................................@................................
                                    Icon Hash:90cececece8e8eb0
                                    Entrypoint:0x40abae
                                    Entrypoint Section:.text
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x609A7E74 [Tue May 11 12:54:12 2021 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:4
                                    OS Version Minor:0
                                    File Version Major:4
                                    File Version Minor:0
                                    Subsystem Version Major:4
                                    Subsystem Version Minor:0
                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                    Instruction
                                    jmp dword ptr [00402000h]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xab540x57.text
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x240.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xe0000xc.reloc
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    .text0x20000x8bb40x8c002365695a090ee63e6f0a6d671a879c74False0.46353236607142856data5.605750029883583IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                    .rsrc0xc0000x2400x400f7ce2f7b506ce16c06c85a549ef2cd98False0.3134765625data4.968771659524424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                    .reloc0xe0000xc0x20014e8c9d445c6e20e65bc602fcc627817False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_MANIFEST0xc0580x1e7XML 1.0 document, ASCII text, with CRLF line terminators0.5338809034907598
                                    DLLImport
                                    mscoree.dll_CorExeMain
                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050021167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049804167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049970167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049896167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050030167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050025167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049772167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050040167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050039167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049947167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050034167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049822167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050043167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050027167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049929167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049964167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050011167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049987167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049958167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050022167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049761167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1050023167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049750167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049999167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049976167.71.56.11622764TCP
                                    2024-12-16T07:20:39.042367+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.1049832167.71.56.11622764TCP
                                    2024-12-16T07:20:55.395232+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049704167.71.56.11622764TCP
                                    2024-12-16T07:20:55.395232+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049704167.71.56.11622764TCP
                                    2024-12-16T07:20:55.515194+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049704167.71.56.11622764TCP
                                    2024-12-16T07:20:55.515194+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049704167.71.56.11622764TCP
                                    2024-12-16T07:20:59.530673+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049705167.71.56.11622764TCP
                                    2024-12-16T07:20:59.530673+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049705167.71.56.11622764TCP
                                    2024-12-16T07:20:59.650567+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049705167.71.56.11622764TCP
                                    2024-12-16T07:20:59.650567+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049705167.71.56.11622764TCP
                                    2024-12-16T07:21:00.886438+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049705167.71.56.11622764TCP
                                    2024-12-16T07:21:04.436217+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049706167.71.56.11622764TCP
                                    2024-12-16T07:21:04.436217+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049706167.71.56.11622764TCP
                                    2024-12-16T07:21:04.556324+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049706167.71.56.11622764TCP
                                    2024-12-16T07:21:04.556324+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049706167.71.56.11622764TCP
                                    2024-12-16T07:21:08.728520+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049707167.71.56.11622764TCP
                                    2024-12-16T07:21:08.728520+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049707167.71.56.11622764TCP
                                    2024-12-16T07:21:08.848338+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049707167.71.56.11622764TCP
                                    2024-12-16T07:21:08.848338+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049707167.71.56.11622764TCP
                                    2024-12-16T07:21:09.026848+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049707167.71.56.11622764TCP
                                    2024-12-16T07:21:13.025137+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049708167.71.56.11622764TCP
                                    2024-12-16T07:21:13.025137+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049708167.71.56.11622764TCP
                                    2024-12-16T07:21:13.147958+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049708167.71.56.11622764TCP
                                    2024-12-16T07:21:13.147958+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049708167.71.56.11622764TCP
                                    2024-12-16T07:21:17.338255+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049709167.71.56.11622764TCP
                                    2024-12-16T07:21:17.338255+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049709167.71.56.11622764TCP
                                    2024-12-16T07:21:17.458139+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049709167.71.56.11622764TCP
                                    2024-12-16T07:21:17.458139+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049709167.71.56.11622764TCP
                                    2024-12-16T07:21:21.650261+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049710167.71.56.11622764TCP
                                    2024-12-16T07:21:21.650261+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049710167.71.56.11622764TCP
                                    2024-12-16T07:21:21.770095+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049710167.71.56.11622764TCP
                                    2024-12-16T07:21:21.770095+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049710167.71.56.11622764TCP
                                    2024-12-16T07:21:25.948375+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049711167.71.56.11622764TCP
                                    2024-12-16T07:21:25.948375+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049711167.71.56.11622764TCP
                                    2024-12-16T07:21:26.068304+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049711167.71.56.11622764TCP
                                    2024-12-16T07:21:26.068304+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049711167.71.56.11622764TCP
                                    2024-12-16T07:21:30.245703+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049712167.71.56.11622764TCP
                                    2024-12-16T07:21:30.245703+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049712167.71.56.11622764TCP
                                    2024-12-16T07:21:30.365965+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049712167.71.56.11622764TCP
                                    2024-12-16T07:21:30.365965+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049712167.71.56.11622764TCP
                                    2024-12-16T07:21:32.401798+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049712167.71.56.11622764TCP
                                    2024-12-16T07:21:34.541844+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049714167.71.56.11622764TCP
                                    2024-12-16T07:21:34.541844+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049714167.71.56.11622764TCP
                                    2024-12-16T07:21:34.664749+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049714167.71.56.11622764TCP
                                    2024-12-16T07:21:34.664749+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049714167.71.56.11622764TCP
                                    2024-12-16T07:21:38.838710+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049715167.71.56.11622764TCP
                                    2024-12-16T07:21:38.838710+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049715167.71.56.11622764TCP
                                    2024-12-16T07:21:38.958450+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049715167.71.56.11622764TCP
                                    2024-12-16T07:21:38.958450+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049715167.71.56.11622764TCP
                                    2024-12-16T07:21:43.147869+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049716167.71.56.11622764TCP
                                    2024-12-16T07:21:43.147869+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049716167.71.56.11622764TCP
                                    2024-12-16T07:21:43.267795+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049716167.71.56.11622764TCP
                                    2024-12-16T07:21:43.267795+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049716167.71.56.11622764TCP
                                    2024-12-16T07:21:44.995589+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049716167.71.56.11622764TCP
                                    2024-12-16T07:21:47.448387+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049718167.71.56.11622764TCP
                                    2024-12-16T07:21:47.448387+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049718167.71.56.11622764TCP
                                    2024-12-16T07:21:47.568274+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049718167.71.56.11622764TCP
                                    2024-12-16T07:21:47.568274+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049718167.71.56.11622764TCP
                                    2024-12-16T07:21:49.261603+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049718167.71.56.11622764TCP
                                    2024-12-16T07:21:51.744181+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049729167.71.56.11622764TCP
                                    2024-12-16T07:21:51.744181+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049729167.71.56.11622764TCP
                                    2024-12-16T07:21:56.040815+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049739167.71.56.11622764TCP
                                    2024-12-16T07:21:56.040815+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049739167.71.56.11622764TCP
                                    2024-12-16T07:21:56.371345+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049739167.71.56.11622764TCP
                                    2024-12-16T07:21:56.495622+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049739167.71.56.11622764TCP
                                    2024-12-16T07:21:56.806745+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049739167.71.56.11622764TCP
                                    2024-12-16T07:21:57.646190+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049739167.71.56.11622764TCP
                                    2024-12-16T07:22:00.338486+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049750167.71.56.11622764TCP
                                    2024-12-16T07:22:00.338486+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049750167.71.56.11622764TCP
                                    2024-12-16T07:22:00.897206+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049750167.71.56.11622764TCP
                                    2024-12-16T07:22:04.650640+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049761167.71.56.11622764TCP
                                    2024-12-16T07:22:04.650640+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049761167.71.56.11622764TCP
                                    2024-12-16T07:22:05.609385+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049761167.71.56.11622764TCP
                                    2024-12-16T07:22:08.807345+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049772167.71.56.11622764TCP
                                    2024-12-16T07:22:08.807345+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049772167.71.56.11622764TCP
                                    2024-12-16T07:22:10.731334+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049772167.71.56.11622764TCP
                                    2024-12-16T07:22:12.853536+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:12.853536+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:13.701358+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:13.821901+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:13.942258+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:14.182071+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:14.302287+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049783167.71.56.11622764TCP
                                    2024-12-16T07:22:16.776610+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:22:16.776610+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:22:17.739105+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:22:18.700098+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:22:18.820035+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:22:18.940057+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049794167.71.56.11622764TCP
                                    2024-12-16T07:22:20.588199+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049804167.71.56.11622764TCP
                                    2024-12-16T07:22:20.588199+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049804167.71.56.11622764TCP
                                    2024-12-16T07:22:21.668936+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049804167.71.56.11622764TCP
                                    2024-12-16T07:22:22.636613+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049804167.71.56.11622764TCP
                                    2024-12-16T07:22:24.465152+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:22:24.465152+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:22:24.825929+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:22:24.945952+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:22:26.507872+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:22:26.627650+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049811167.71.56.11622764TCP
                                    2024-12-16T07:22:28.088013+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049822167.71.56.11622764TCP
                                    2024-12-16T07:22:28.088013+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049822167.71.56.11622764TCP
                                    2024-12-16T07:22:28.459864+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049822167.71.56.11622764TCP
                                    2024-12-16T07:22:29.302221+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049822167.71.56.11622764TCP
                                    2024-12-16T07:22:29.422905+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049822167.71.56.11622764TCP
                                    2024-12-16T07:22:31.622048+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049832167.71.56.11622764TCP
                                    2024-12-16T07:22:31.622048+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049832167.71.56.11622764TCP
                                    2024-12-16T07:22:32.341755+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049832167.71.56.11622764TCP
                                    2024-12-16T07:22:33.180690+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049832167.71.56.11622764TCP
                                    2024-12-16T07:22:35.072266+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:35.072266+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:35.494668+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:36.214300+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:36.334033+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:36.453811+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:36.573689+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:36.749505+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:36.869488+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049839167.71.56.11622764TCP
                                    2024-12-16T07:22:38.449641+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049850167.71.56.11622764TCP
                                    2024-12-16T07:22:38.449641+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049850167.71.56.11622764TCP
                                    2024-12-16T07:22:39.447790+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049850167.71.56.11622764TCP
                                    2024-12-16T07:22:39.567571+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049850167.71.56.11622764TCP
                                    2024-12-16T07:22:39.944015+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049850167.71.56.11622764TCP
                                    2024-12-16T07:22:40.423309+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049850167.71.56.11622764TCP
                                    2024-12-16T07:22:41.761821+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:41.761821+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:42.558409+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:42.678199+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:42.889436+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:43.009402+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:43.297478+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:43.418626+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:43.904689+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049856167.71.56.11622764TCP
                                    2024-12-16T07:22:44.994355+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:44.994355+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:45.593482+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:45.713332+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:45.833028+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:45.993533+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:46.844548+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:46.964550+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049867167.71.56.11622764TCP
                                    2024-12-16T07:22:48.168840+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:22:48.168840+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:22:49.009113+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:22:49.609284+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:22:49.849466+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:22:49.969446+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049873167.71.56.11622764TCP
                                    2024-12-16T07:22:51.275849+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:22:51.275849+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:22:51.516167+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:22:51.636147+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:22:52.484081+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:22:53.425484+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049881167.71.56.11622764TCP
                                    2024-12-16T07:22:54.351618+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:22:54.351618+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:22:55.071841+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:22:56.151980+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:22:56.271918+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:22:56.391792+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049890167.71.56.11622764TCP
                                    2024-12-16T07:22:57.353077+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049896167.71.56.11622764TCP
                                    2024-12-16T07:22:57.353077+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049896167.71.56.11622764TCP
                                    2024-12-16T07:22:58.441356+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049896167.71.56.11622764TCP
                                    2024-12-16T07:22:59.402412+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049896167.71.56.11622764TCP
                                    2024-12-16T07:23:00.332874+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:23:00.332874+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:23:00.935187+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:23:01.175331+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:23:01.340483+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:23:02.182361+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049907167.71.56.11622764TCP
                                    2024-12-16T07:23:03.275191+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:03.275191+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:03.514906+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:03.875020+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:03.995035+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:04.837801+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:05.317263+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049913167.71.56.11622764TCP
                                    2024-12-16T07:23:06.154308+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:06.154308+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:06.634363+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:06.874244+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:06.994641+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:07.114992+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:07.354908+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:07.834615+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:07.954532+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049919167.71.56.11622764TCP
                                    2024-12-16T07:23:09.043642+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049929167.71.56.11622764TCP
                                    2024-12-16T07:23:09.043642+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049929167.71.56.11622764TCP
                                    2024-12-16T07:23:09.772849+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049929167.71.56.11622764TCP
                                    2024-12-16T07:23:11.853029+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049935167.71.56.11622764TCP
                                    2024-12-16T07:23:11.853029+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049935167.71.56.11622764TCP
                                    2024-12-16T07:23:12.452503+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049935167.71.56.11622764TCP
                                    2024-12-16T07:23:12.572359+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049935167.71.56.11622764TCP
                                    2024-12-16T07:23:13.566176+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049935167.71.56.11622764TCP
                                    2024-12-16T07:23:13.686250+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049935167.71.56.11622764TCP
                                    2024-12-16T07:23:14.618513+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049941167.71.56.11622764TCP
                                    2024-12-16T07:23:14.618513+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049941167.71.56.11622764TCP
                                    2024-12-16T07:23:14.858119+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049941167.71.56.11622764TCP
                                    2024-12-16T07:23:15.342029+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049941167.71.56.11622764TCP
                                    2024-12-16T07:23:16.486441+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049941167.71.56.11622764TCP
                                    2024-12-16T07:23:16.606548+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049941167.71.56.11622764TCP
                                    2024-12-16T07:23:17.352776+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049947167.71.56.11622764TCP
                                    2024-12-16T07:23:17.352776+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049947167.71.56.11622764TCP
                                    2024-12-16T07:23:17.592759+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049947167.71.56.11622764TCP
                                    2024-12-16T07:23:18.073612+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049947167.71.56.11622764TCP
                                    2024-12-16T07:23:18.933831+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049947167.71.56.11622764TCP
                                    2024-12-16T07:23:20.072635+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049958167.71.56.11622764TCP
                                    2024-12-16T07:23:20.072635+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049958167.71.56.11622764TCP
                                    2024-12-16T07:23:20.794248+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049958167.71.56.11622764TCP
                                    2024-12-16T07:23:22.754793+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049964167.71.56.11622764TCP
                                    2024-12-16T07:23:22.754793+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049964167.71.56.11622764TCP
                                    2024-12-16T07:23:23.595590+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049964167.71.56.11622764TCP
                                    2024-12-16T07:23:24.075950+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049964167.71.56.11622764TCP
                                    2024-12-16T07:23:24.557204+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049964167.71.56.11622764TCP
                                    2024-12-16T07:23:25.402624+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049970167.71.56.11622764TCP
                                    2024-12-16T07:23:25.402624+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049970167.71.56.11622764TCP
                                    2024-12-16T07:23:25.642753+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049970167.71.56.11622764TCP
                                    2024-12-16T07:23:26.514981+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049970167.71.56.11622764TCP
                                    2024-12-16T07:23:27.357398+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049970167.71.56.11622764TCP
                                    2024-12-16T07:23:28.040965+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049976167.71.56.11622764TCP
                                    2024-12-16T07:23:28.040965+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049976167.71.56.11622764TCP
                                    2024-12-16T07:23:29.121619+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049976167.71.56.11622764TCP
                                    2024-12-16T07:23:30.637001+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049987167.71.56.11622764TCP
                                    2024-12-16T07:23:30.637001+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049987167.71.56.11622764TCP
                                    2024-12-16T07:23:31.480718+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049987167.71.56.11622764TCP
                                    2024-12-16T07:23:31.600953+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049987167.71.56.11622764TCP
                                    2024-12-16T07:23:32.320468+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049987167.71.56.11622764TCP
                                    2024-12-16T07:23:33.213343+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:33.213343+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:33.333119+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:33.333119+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:34.294856+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:34.655345+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:35.257162+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049993167.71.56.11622764TCP
                                    2024-12-16T07:23:35.812591+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1049999167.71.56.11622764TCP
                                    2024-12-16T07:23:35.812591+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1049999167.71.56.11622764TCP
                                    2024-12-16T07:23:36.172358+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049999167.71.56.11622764TCP
                                    2024-12-16T07:23:37.491833+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1049999167.71.56.11622764TCP
                                    2024-12-16T07:23:38.369163+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:38.369163+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:38.609795+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:38.730089+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:38.850114+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:39.331961+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:40.300352+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050005167.71.56.11622764TCP
                                    2024-12-16T07:23:40.900471+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050011167.71.56.11622764TCP
                                    2024-12-16T07:23:40.900471+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050011167.71.56.11622764TCP
                                    2024-12-16T07:23:41.260021+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050011167.71.56.11622764TCP
                                    2024-12-16T07:23:41.622084+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050011167.71.56.11622764TCP
                                    2024-12-16T07:23:42.943995+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050011167.71.56.11622764TCP
                                    2024-12-16T07:23:43.415718+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:43.415718+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:43.535648+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:43.535648+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:43.796704+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:43.916820+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:44.339718+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:44.819908+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050017167.71.56.11622764TCP
                                    2024-12-16T07:23:45.917651+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050019167.71.56.11622764TCP
                                    2024-12-16T07:23:45.917651+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050019167.71.56.11622764TCP
                                    2024-12-16T07:23:46.417678+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050019167.71.56.11622764TCP
                                    2024-12-16T07:23:46.537525+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050019167.71.56.11622764TCP
                                    2024-12-16T07:23:46.657354+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050019167.71.56.11622764TCP
                                    2024-12-16T07:23:46.923578+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050019167.71.56.11622764TCP
                                    2024-12-16T07:23:48.400289+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:48.400289+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:49.021966+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:49.269682+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:49.392581+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:49.634559+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:50.479098+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050020167.71.56.11622764TCP
                                    2024-12-16T07:23:50.869178+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050021167.71.56.11622764TCP
                                    2024-12-16T07:23:50.869178+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050021167.71.56.11622764TCP
                                    2024-12-16T07:23:51.396806+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050021167.71.56.11622764TCP
                                    2024-12-16T07:23:52.368226+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050021167.71.56.11622764TCP
                                    2024-12-16T07:23:53.321874+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050022167.71.56.11622764TCP
                                    2024-12-16T07:23:53.321874+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050022167.71.56.11622764TCP
                                    2024-12-16T07:23:54.113619+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050022167.71.56.11622764TCP
                                    2024-12-16T07:23:54.954402+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050022167.71.56.11622764TCP
                                    2024-12-16T07:23:55.775081+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050023167.71.56.11622764TCP
                                    2024-12-16T07:23:55.775081+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050023167.71.56.11622764TCP
                                    2024-12-16T07:23:56.856148+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050023167.71.56.11622764TCP
                                    2024-12-16T07:23:57.701914+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050023167.71.56.11622764TCP
                                    2024-12-16T07:23:58.213224+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:23:58.213224+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:23:58.693682+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:23:59.654483+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:23:59.774338+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:23:59.894820+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:24:00.014678+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050024167.71.56.11622764TCP
                                    2024-12-16T07:24:00.786254+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050025167.71.56.11622764TCP
                                    2024-12-16T07:24:00.786254+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050025167.71.56.11622764TCP
                                    2024-12-16T07:24:01.984862+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050025167.71.56.11622764TCP
                                    2024-12-16T07:24:02.584657+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050025167.71.56.11622764TCP
                                    2024-12-16T07:24:02.707096+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050025167.71.56.11622764TCP
                                    2024-12-16T07:24:03.212090+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:03.212090+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:03.452869+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:03.572756+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:04.046943+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:04.411960+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:05.260292+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050026167.71.56.11622764TCP
                                    2024-12-16T07:24:05.618832+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050027167.71.56.11622764TCP
                                    2024-12-16T07:24:05.618832+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050027167.71.56.11622764TCP
                                    2024-12-16T07:24:06.098137+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050027167.71.56.11622764TCP
                                    2024-12-16T07:24:06.936975+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050027167.71.56.11622764TCP
                                    2024-12-16T07:24:08.033364+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050028167.71.56.11622764TCP
                                    2024-12-16T07:24:08.033364+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050028167.71.56.11622764TCP
                                    2024-12-16T07:24:08.698240+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050028167.71.56.11622764TCP
                                    2024-12-16T07:24:10.462388+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050029167.71.56.11622764TCP
                                    2024-12-16T07:24:10.462388+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050029167.71.56.11622764TCP
                                    2024-12-16T07:24:10.703989+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050029167.71.56.11622764TCP
                                    2024-12-16T07:24:10.824434+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050029167.71.56.11622764TCP
                                    2024-12-16T07:24:11.386056+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050029167.71.56.11622764TCP
                                    2024-12-16T07:24:12.852775+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050030167.71.56.11622764TCP
                                    2024-12-16T07:24:12.852775+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050030167.71.56.11622764TCP
                                    2024-12-16T07:24:13.580439+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050030167.71.56.11622764TCP
                                    2024-12-16T07:24:14.642346+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050030167.71.56.11622764TCP
                                    2024-12-16T07:24:15.120310+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050030167.71.56.11622764TCP
                                    2024-12-16T07:24:15.248400+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:24:15.248400+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:24:15.487967+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:24:15.849016+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:24:16.448902+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:24:17.288594+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050031167.71.56.11622764TCP
                                    2024-12-16T07:24:17.622155+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:17.622155+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:18.271743+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:18.391590+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:18.992454+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:19.112699+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:19.886395+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050032167.71.56.11622764TCP
                                    2024-12-16T07:24:20.010521+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:20.010521+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:20.251247+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:20.443271+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:20.563187+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:21.132991+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:21.252784+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:21.372461+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:21.492272+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:22.246267+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050033167.71.56.11622764TCP
                                    2024-12-16T07:24:22.370924+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050034167.71.56.11622764TCP
                                    2024-12-16T07:24:22.370924+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050034167.71.56.11622764TCP
                                    2024-12-16T07:24:23.090477+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050034167.71.56.11622764TCP
                                    2024-12-16T07:24:24.756923+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050035167.71.56.11622764TCP
                                    2024-12-16T07:24:24.756923+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050035167.71.56.11622764TCP
                                    2024-12-16T07:24:25.236411+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050035167.71.56.11622764TCP
                                    2024-12-16T07:24:25.447711+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050035167.71.56.11622764TCP
                                    2024-12-16T07:24:25.732901+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050035167.71.56.11622764TCP
                                    2024-12-16T07:24:25.852730+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050035167.71.56.11622764TCP
                                    2024-12-16T07:24:27.103443+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:27.103443+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:27.365678+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:27.846185+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:27.993642+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:28.323712+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:28.460596+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050036167.71.56.11622764TCP
                                    2024-12-16T07:24:29.462208+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050037167.71.56.11622764TCP
                                    2024-12-16T07:24:29.462208+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050037167.71.56.11622764TCP
                                    2024-12-16T07:24:30.544750+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050037167.71.56.11622764TCP
                                    2024-12-16T07:24:30.664722+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050037167.71.56.11622764TCP
                                    2024-12-16T07:24:31.092143+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050037167.71.56.11622764TCP
                                    2024-12-16T07:24:31.682935+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050037167.71.56.11622764TCP
                                    2024-12-16T07:24:31.806118+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:31.806118+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:32.046113+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:33.275586+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:33.395490+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:33.818169+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:34.026351+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050038167.71.56.11622764TCP
                                    2024-12-16T07:24:34.153669+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050039167.71.56.11622764TCP
                                    2024-12-16T07:24:34.153669+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050039167.71.56.11622764TCP
                                    2024-12-16T07:24:36.495757+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050040167.71.56.11622764TCP
                                    2024-12-16T07:24:36.495757+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050040167.71.56.11622764TCP
                                    2024-12-16T07:24:38.837052+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050041167.71.56.11622764TCP
                                    2024-12-16T07:24:38.837052+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050041167.71.56.11622764TCP
                                    2024-12-16T07:24:39.316683+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050041167.71.56.11622764TCP
                                    2024-12-16T07:24:40.106740+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050041167.71.56.11622764TCP
                                    2024-12-16T07:24:40.226914+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050041167.71.56.11622764TCP
                                    2024-12-16T07:24:40.559535+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050041167.71.56.11622764TCP
                                    2024-12-16T07:24:41.165206+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050042167.71.56.11622764TCP
                                    2024-12-16T07:24:41.165206+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050042167.71.56.11622764TCP
                                    2024-12-16T07:24:42.128448+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050042167.71.56.11622764TCP
                                    2024-12-16T07:24:42.248215+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050042167.71.56.11622764TCP
                                    2024-12-16T07:24:43.645053+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050043167.71.56.11622764TCP
                                    2024-12-16T07:24:43.645053+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050043167.71.56.11622764TCP
                                    2024-12-16T07:24:44.207339+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050043167.71.56.11622764TCP
                                    2024-12-16T07:24:44.327249+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.1050043167.71.56.11622764TCP
                                    2024-12-16T07:24:48.836841+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.1050044167.71.56.11622764TCP
                                    2024-12-16T07:24:48.836841+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.1050044167.71.56.11622764TCP
                                    2024-12-16T07:24:48.956801+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.1050044167.71.56.11622764TCP
                                    2024-12-16T07:24:48.956801+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.1050044167.71.56.11622764TCP
                                    TimestampSource PortDest PortSource IPDest IP
                                    Dec 16, 2024 07:20:55.106241941 CET4970422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:55.226144075 CET2276449704167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:55.226476908 CET4970422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:55.395231962 CET4970422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:55.515079975 CET2276449704167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:55.515193939 CET4970422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:55.635507107 CET2276449704167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:57.396070004 CET2276449704167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:57.396222115 CET4970422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:59.406264067 CET4970422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:59.407114029 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:59.526479959 CET2276449704167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:59.526880026 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:59.526978016 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:59.530673027 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:59.650427103 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:20:59.650567055 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:20:59.770345926 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:00.886437893 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:01.006422043 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:01.692608118 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:01.695272923 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:03.698580027 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:03.699357033 CET4970622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:04.010889053 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:04.433037043 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:04.433080912 CET2276449706167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:04.433213949 CET4970622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:04.433872938 CET2276449705167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:04.433923960 CET4970522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:04.436217070 CET4970622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:04.556246042 CET2276449706167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:04.556324005 CET4970622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:04.676064014 CET2276449706167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:06.599356890 CET2276449706167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:06.599492073 CET4970622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:08.604739904 CET4970622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:08.605496883 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:08.724412918 CET2276449706167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:08.725217104 CET2276449707167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:08.725284100 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:08.728519917 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:08.848198891 CET2276449707167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:08.848337889 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:08.968223095 CET2276449707167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:09.026848078 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:09.146545887 CET2276449707167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:10.897335052 CET2276449707167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:10.897399902 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:12.901849985 CET4970722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:12.902345896 CET4970822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:13.021595955 CET2276449707167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:13.022015095 CET2276449708167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:13.022126913 CET4970822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:13.025136948 CET4970822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:13.145152092 CET2276449708167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:13.147958040 CET4970822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:13.267751932 CET2276449708167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:15.196213007 CET2276449708167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:15.196281910 CET4970822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:17.214358091 CET4970822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:17.215065002 CET4970922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:17.334184885 CET2276449708167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:17.334930897 CET2276449709167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:17.335031033 CET4970922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:17.338254929 CET4970922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:17.458003998 CET2276449709167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:17.458138943 CET4970922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:17.578020096 CET2276449709167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:19.525410891 CET2276449709167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:19.525528908 CET4970922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:21.526804924 CET4970922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:21.527558088 CET4971022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:21.646567106 CET2276449709167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:21.647413015 CET2276449710167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:21.647499084 CET4971022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:21.650260925 CET4971022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:21.769959927 CET2276449710167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:21.770095110 CET4971022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:21.889827013 CET2276449710167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:23.822242022 CET2276449710167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:23.822314978 CET4971022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:25.823628902 CET4971022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:25.824372053 CET4971122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:25.943546057 CET2276449710167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:25.944154978 CET2276449711167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:25.944283009 CET4971122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:25.948374987 CET4971122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:26.068142891 CET2276449711167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:26.068304062 CET4971122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:26.188014984 CET2276449711167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:28.118130922 CET2276449711167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:28.118220091 CET4971122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:30.120354891 CET4971122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:30.121433020 CET4971222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:30.240062952 CET2276449711167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:30.241141081 CET2276449712167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:30.241339922 CET4971222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:30.245702982 CET4971222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:30.365781069 CET2276449712167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:30.365964890 CET4971222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:30.485789061 CET2276449712167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:32.401798010 CET4971222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:32.410419941 CET2276449712167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:32.410532951 CET4971222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:32.521567106 CET2276449712167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:32.530316114 CET2276449712167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:34.417908907 CET4971422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:34.538013935 CET2276449714167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:34.538189888 CET4971422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:34.541843891 CET4971422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:34.661611080 CET2276449714167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:34.664748907 CET4971422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:34.784619093 CET2276449714167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:36.707137108 CET2276449714167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:36.707205057 CET4971422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:38.714277983 CET4971422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:38.715332985 CET4971522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:38.834013939 CET2276449714167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:38.835180998 CET2276449715167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:38.835341930 CET4971522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:38.838710070 CET4971522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:38.958400011 CET2276449715167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:38.958450079 CET4971522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:39.078195095 CET2276449715167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:41.003844023 CET2276449715167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:41.004020929 CET4971522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:43.012226105 CET4971522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:43.024502039 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:43.132075071 CET2276449715167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:43.144325018 CET2276449716167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:43.144422054 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:43.147869110 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:43.267668009 CET2276449716167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:43.267795086 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:43.387701035 CET2276449716167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:44.995589018 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:45.115371943 CET2276449716167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:45.316971064 CET2276449716167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:45.317092896 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:47.323548079 CET4971622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:47.324498892 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:47.443260908 CET2276449716167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:47.444113016 CET2276449718167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:47.444214106 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:47.448386908 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:47.568208933 CET2276449718167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:47.568274021 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:47.688205004 CET2276449718167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:49.261603117 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:49.381262064 CET2276449718167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:49.612060070 CET2276449718167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:49.612237930 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:51.620472908 CET4971822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:51.621494055 CET4972922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:51.740483046 CET2276449718167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:51.741265059 CET2276449729167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:51.741336107 CET4972922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:51.744180918 CET4972922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:51.863974094 CET2276449729167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:51.864089012 CET4972922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:51.984642029 CET2276449729167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:53.910190105 CET2276449729167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:53.912712097 CET4972922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:55.917603970 CET4972922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:55.918410063 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.037257910 CET2276449729167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.038057089 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.038156033 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.040815115 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.160480976 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.160631895 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.280383110 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.371345043 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.490987062 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.495621920 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.615253925 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.806745052 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:56.926441908 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:56.926589966 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.046339989 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.046453953 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.166178942 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.166379929 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.286252975 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.286361933 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.406128883 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.406199932 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.526120901 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.526246071 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.646115065 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.646189928 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.766036034 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.766148090 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:57.885838032 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:57.886010885 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:58.005790949 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:58.005880117 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:58.125646114 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:58.127773046 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:58.207197905 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:58.207915068 CET4973922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:21:58.247500896 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:21:58.327620029 CET2276449739167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:00.215042114 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:00.334883928 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:00.334984064 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:00.338485956 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:00.458589077 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:00.458652020 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:00.578561068 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:00.897206068 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.017013073 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.020860910 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.140657902 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.144709110 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.264486074 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.264626980 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.384345055 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.384422064 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.504157066 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.504277945 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.624000072 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.624679089 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.744400978 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.746742010 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.866477966 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.866751909 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:01.987647057 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:01.987729073 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:02.107501984 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:02.107637882 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:02.227464914 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:02.227540970 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:02.347306967 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:02.347439051 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:02.467232943 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:02.467365026 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:02.516184092 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:02.516307116 CET4975022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:02.587059021 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:02.636135101 CET2276449750167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:04.527455091 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:04.647290945 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:04.647435904 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:04.650640011 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:04.770447016 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:04.770544052 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:04.890325069 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:04.890409946 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.010102034 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.010159969 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.130001068 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.130134106 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.249802113 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.249969006 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.369654894 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.369767904 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.489449978 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.489615917 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.609322071 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.609385014 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.729130030 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.729224920 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.849478960 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.849605083 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:05.969595909 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:05.969732046 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.120821953 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.120944023 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.361015081 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.361080885 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.480767012 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.480896950 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.600655079 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.600780964 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.720474005 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.720614910 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.814954042 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.815026045 CET4976122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:06.841217041 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:06.935300112 CET2276449761167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:08.684351921 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:08.804111958 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:08.804425955 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:08.807344913 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:08.927083969 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:08.927400112 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.047194004 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.048576117 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.168562889 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.168663979 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.289113045 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.289254904 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.409471035 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.409656048 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.529444933 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.529649019 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.649586916 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.650013924 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.769985914 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.770163059 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:09.890069008 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:09.890450954 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.010253906 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.010468960 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.130297899 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.130548000 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.250360012 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.250544071 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.370331049 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.370408058 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.490191936 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.490573883 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.610287905 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.611304045 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.731167078 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.731333971 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.851203918 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.851293087 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.971246958 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.971342087 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:10.973223925 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:10.973309994 CET4977222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:11.091204882 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:11.094060898 CET2276449772167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:12.730878115 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:12.850615025 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:12.850720882 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:12.853535891 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:12.973273039 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:12.976731062 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.096561909 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.099746943 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.219496012 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.219562054 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.339270115 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.339376926 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.459101915 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.460789919 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.580595970 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.581268072 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.701016903 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.701358080 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.821073055 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.821901083 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:13.941644907 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:13.942257881 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.061986923 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.062067986 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.181822062 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.182070971 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.302062988 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.302287102 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.421926975 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.422137976 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.541920900 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.542088032 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.662126064 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.662559986 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.782927036 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.783114910 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:14.903242111 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:14.903336048 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:15.018207073 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:15.018774033 CET4978322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:15.023057938 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:15.138530970 CET2276449783167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:16.652826071 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:16.772618055 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:16.772742987 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:16.776609898 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:16.896347046 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:16.896467924 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.016294956 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.016434908 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.137176037 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.137300014 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.258054018 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.258194923 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.379488945 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.379622936 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.499339104 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.499423027 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.619141102 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.619321108 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.739044905 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.739104986 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.858788013 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.858913898 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:17.978661060 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:17.978775024 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.098747015 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.098824024 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.218529940 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.218692064 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.339262009 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.339373112 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.460186958 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.460516930 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.580218077 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.580329895 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.700033903 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.700098038 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.819967985 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.820034981 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.939970970 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.940057039 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:18.941688061 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:18.941759109 CET4979422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:19.059762955 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:19.061470985 CET2276449794167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:20.465147972 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:20.584904909 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:20.585092068 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:20.588198900 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:20.708389997 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:20.708545923 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:20.828246117 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:20.828372002 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:20.948196888 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:20.948338985 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.068072081 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.068279028 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.187994003 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.188345909 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.308300018 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.308669090 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.429111958 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.429164886 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.548887014 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.548993111 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.668760061 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.668936014 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.788674116 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.788753986 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:21.908497095 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:21.908657074 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.028354883 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.028620958 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.148955107 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.149147034 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.269041061 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.269443989 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.389247894 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.389442921 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.509299994 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.509491920 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.629424095 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.636612892 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.752660036 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.752784014 CET4980422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:22.756357908 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:22.872591972 CET2276449804167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:24.183893919 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:24.462167978 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:24.462253094 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:24.465152025 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:24.584878922 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:24.584944010 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:24.706095934 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:24.706161022 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:24.825848103 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:24.825928926 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:24.945708990 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:24.945951939 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.065699100 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.065772057 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.185471058 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.185590982 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.305311918 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.305442095 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.425137043 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.425203085 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.545007944 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.545161963 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.664971113 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.665196896 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.784897089 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.784972906 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:25.904798031 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:25.904963970 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.024708986 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.024893045 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.144629002 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.144860029 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.264692068 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.264801025 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.387727022 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.387811899 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.507803917 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.507872105 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.627556086 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.627650023 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.631489038 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.631568909 CET4981122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:26.747353077 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:26.751564980 CET2276449811167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:27.964876890 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.084738016 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.084943056 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.088012934 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.207864046 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.208019972 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.327934027 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.328006983 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.447781086 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.459863901 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.579689026 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.579852104 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.700311899 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.700442076 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.822227955 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.822753906 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:28.942657948 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:28.942723036 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.062424898 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.062551975 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.182298899 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.182437897 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.302160025 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.302221060 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.422851086 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.422904968 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.542618036 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.542684078 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.662401915 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.662558079 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.782336950 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.782473087 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:29.902291059 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:29.902429104 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:30.022217989 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:30.022362947 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:30.142167091 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:30.142246962 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:30.254869938 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:30.254947901 CET4982222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:30.262084961 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:30.374821901 CET2276449822167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:31.496067047 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:31.615878105 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:31.616051912 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:31.622047901 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:31.741765976 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:31.741936922 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:31.861709118 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:31.861814022 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:31.981623888 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:31.981702089 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.101571083 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.101706028 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.221771955 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.221864939 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.341648102 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.341754913 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.461468935 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.461530924 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.581310987 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.581373930 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.701102018 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.701237917 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.820904016 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.821089983 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:32.940876961 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:32.941021919 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.060765028 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.060839891 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.180627108 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.180690050 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.300432920 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.300564051 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.420414925 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.420571089 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.540353060 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.540474892 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.660391092 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.660522938 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.780546904 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.780616045 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.787632942 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.787699938 CET4983222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:33.900656939 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:33.907506943 CET2276449832167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:34.949374914 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.069128036 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.069210052 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.072266102 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.192001104 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.192071915 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.311749935 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.311877966 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.431535006 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.494668007 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.614423990 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.614554882 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.734508038 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.734680891 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.854444981 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.854840994 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:35.974502087 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:35.974632025 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.094343901 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.094491959 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.214242935 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.214299917 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.333982944 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.334033012 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.453727961 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.453810930 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.573631048 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.573688984 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.693566084 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.749505043 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.869343042 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:36.869488001 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:36.989211082 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:37.239299059 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:37.239399910 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.324476004 CET4983922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.325944901 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.444139004 CET2276449839167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:38.445658922 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:38.445775032 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.449640989 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.569319963 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:38.569472075 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.689368963 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:38.692622900 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.812355995 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:38.812622070 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:38.932352066 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:38.932698011 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:39.052402020 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:39.052476883 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:39.172220945 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:39.172374010 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:39.292032957 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:39.292114019 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:39.411835909 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:39.447789907 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:39.567461014 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:39.567570925 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:39.687261105 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:39.944015026 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.063842058 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.063918114 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.183634996 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.183777094 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.303488970 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.303570986 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.423199892 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.423309088 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.543028116 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.543103933 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.616959095 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.617050886 CET4985022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:40.662909031 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:40.736830950 CET2276449850167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:41.637156963 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:41.757958889 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:41.758972883 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:41.761821032 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:41.881521940 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:41.884627104 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.004966974 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.006277084 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.127026081 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.127116919 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.246834040 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.246973991 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.366606951 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.366796017 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.488524914 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.558408976 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.678138018 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.678199053 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:42.798079014 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:42.889436007 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.009330988 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.009402037 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.129136086 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.297477961 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.417171955 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.418626070 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.538383007 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.539730072 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.659557104 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.664611101 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.784420967 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.784621954 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.904452085 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.904689074 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:43.928893089 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:43.929184914 CET4985622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:44.024916887 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:44.048952103 CET2276449856167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:44.872093916 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:44.991785049 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:44.991981983 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:44.994354963 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.114023924 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.114144087 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.233813047 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.233992100 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.353653908 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.353847027 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.473555088 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.473681927 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.593368053 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.593482018 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.713247061 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.713331938 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.832969904 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.833028078 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:45.952836990 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:45.993532896 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.113511086 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.114835024 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.234684944 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.235461950 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.355113983 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.355180979 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.474837065 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.479523897 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.599220991 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.603127003 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.723361969 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.723454952 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.843106031 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.844547987 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:46.964279890 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:46.964550018 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:47.084275961 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:47.084444046 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:47.161776066 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:47.161907911 CET4986722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:47.204273939 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:47.281593084 CET2276449867167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.046308041 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.166044950 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.166176081 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.168839931 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.288856030 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.289056063 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.408823013 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.409128904 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.528974056 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.529124022 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.648859024 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.648955107 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.769053936 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.769323111 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:48.889036894 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:48.889103889 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.009036064 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.009113073 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.129055977 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.129221916 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.248974085 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.249284029 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.369002104 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.369157076 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.489021063 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.489113092 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.609128952 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.609283924 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.729540110 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.729626894 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.849389076 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.849466085 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:49.969309092 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:49.969445944 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:50.089380026 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:50.089514017 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:50.209325075 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:50.209462881 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:50.329457998 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:50.329535961 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:50.335422039 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:50.335541010 CET4987322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:50.449593067 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:50.455466032 CET2276449873167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.152501106 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.272232056 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.272455931 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.275849104 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.395674944 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.396173954 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.516060114 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.516166925 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.635910988 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.636147022 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.755877018 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.756062984 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.876799107 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.876903057 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:51.996756077 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:51.997484922 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:52.121084929 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:52.121253967 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:52.242695093 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:52.242877007 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:52.363523006 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:52.363770962 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:52.483520985 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:52.484081030 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:52.603885889 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:52.604243994 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:52.808871984 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:52.809164047 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:53.048744917 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:53.049675941 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:53.169691086 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:53.169837952 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:53.289908886 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:53.291342020 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:53.411140919 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:53.425483942 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:53.445465088 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:53.445615053 CET4988122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:53.546273947 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:53.566267967 CET2276449881167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.218041897 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.337835073 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.337912083 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.351618052 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.471342087 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.471479893 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.591207981 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.591283083 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.711692095 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.711858988 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.831742048 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.831916094 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:54.951750994 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:54.951849937 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.071700096 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.071841002 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.191692114 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.191962957 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.312074900 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.312311888 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.432243109 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.432467937 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.552205086 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.552412033 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.672226906 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.672405958 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.792133093 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.792241096 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:55.912125111 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:55.912203074 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:56.032080889 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:56.032185078 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:56.151915073 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:56.151979923 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:56.271768093 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:56.271918058 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:56.391674995 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:56.391792059 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:56.507967949 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:56.508116007 CET4989022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:56.511519909 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:56.627824068 CET2276449890167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.230479002 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.350199938 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.350629091 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.353076935 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.472707033 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.472884893 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.592504025 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.596615076 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.716418982 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.716552973 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.836276054 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.840661049 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:57.960539103 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:57.960684061 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.080590010 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.080949068 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.200858116 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.201373100 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.321279049 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.321357965 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.441284895 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.441355944 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.561147928 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.561487913 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.681564093 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.682815075 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.802490950 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.802663088 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:58.922409058 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:58.922486067 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.042220116 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.042390108 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.162183046 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.162414074 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.282372952 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.282450914 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.402297020 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.402411938 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.522903919 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.523123026 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.523669004 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.523768902 CET4989622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:22:59.642806053 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:22:59.643398046 CET2276449896167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.208178043 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.327955008 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.328233957 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.332874060 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.452563047 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.452713966 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.572397947 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.575160027 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.694940090 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.695070028 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.814974070 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.815135002 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:00.934947014 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:00.935187101 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.054994106 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.055222034 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.175112009 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.175331116 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.295589924 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.340482950 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.460155964 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.460311890 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.580059052 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.580470085 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.700206995 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.700467110 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.820187092 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.820316076 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:01.941682100 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:01.941775084 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:02.061566114 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:02.061703920 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:02.182303905 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:02.182360888 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:02.302042007 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:02.302156925 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:02.422049046 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:02.422120094 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:02.492520094 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:02.492693901 CET4990722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:02.541836977 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:02.612319946 CET2276449907167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.152425051 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.272171021 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.272249937 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.275191069 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.395015001 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.395128012 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.514823914 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.514905930 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.634599924 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.634691954 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.754436016 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.754884005 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.874955893 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.875020027 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:03.994764090 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:03.995034933 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.114716053 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.116583109 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.236341953 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.236624956 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.356436014 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.358623981 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.478385925 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.478606939 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.598295927 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.598382950 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.717991114 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.718075991 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.837733030 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.837800980 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:04.957546949 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:04.957623959 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:05.077375889 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:05.077534914 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:05.197233915 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:05.197381973 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:05.317200899 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:05.317262888 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:05.437130928 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:05.437366009 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:05.445727110 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:05.445854902 CET4991322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:05.557342052 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:05.565561056 CET2276449913167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.031830072 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.151624918 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.151796103 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.154308081 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.274149895 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.274290085 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.394292116 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.394495010 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.514373064 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.514435053 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.634258032 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.634362936 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.754242897 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.754309893 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.874160051 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.874243975 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:06.994576931 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:06.994641066 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.114881992 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.114991903 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.234874010 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.234932899 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.354757071 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.354907990 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.474534035 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.474672079 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.594500065 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.594713926 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.714711905 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.714807034 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.834541082 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.834614992 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:07.954476118 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:07.954531908 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:08.074301958 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:08.074456930 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:08.194382906 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:08.194535971 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:08.314308882 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:08.314398050 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:08.318762064 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:08.318903923 CET4991922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:08.434114933 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:08.438641071 CET2276449919167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:08.871121883 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.040834904 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.040913105 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.043642044 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.280277967 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.280359983 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.400554895 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.400717020 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.520565033 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.520704985 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.640477896 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.640558004 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.760396004 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.772849083 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:09.894293070 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:09.894439936 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.015366077 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.015526056 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.135366917 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.135785103 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.255426884 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.255660057 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.375358105 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.375463009 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.495213985 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.495331049 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.616482019 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.618297100 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.738121033 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.738254070 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.858386993 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.858495951 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:10.978239059 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:10.978318930 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:11.098062038 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:11.098162889 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:11.215743065 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:11.215862989 CET4992922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:11.217891932 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:11.335573912 CET2276449929167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:11.730391979 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:11.850155115 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:11.850317001 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:11.853029013 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:11.972671986 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:11.972784042 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.092515945 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.092773914 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.212569952 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.212666035 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.332518101 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.332655907 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.452426910 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.452502966 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.572233915 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.572359085 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.692202091 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.692329884 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.812105894 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.812191010 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:12.932044983 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:12.932121038 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:13.051860094 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:13.051920891 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:13.171775103 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:13.171899080 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:13.292895079 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:13.292988062 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:13.412985086 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:13.566175938 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:13.686126947 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:13.686249971 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:13.806078911 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.013077974 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.013210058 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.495165110 CET4993522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.496078014 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.614886045 CET2276449935167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.615813971 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.615881920 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.618513107 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.738255024 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.738317966 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.858068943 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.858119011 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:14.977891922 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:14.978009939 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.097801924 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.098110914 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.217768908 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.219310999 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.341504097 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.342029095 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.462783098 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.463387966 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.584943056 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.588535070 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.708278894 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.708570004 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.828509092 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.832549095 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:15.953380108 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:15.956561089 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:16.076343060 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:16.076401949 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:16.197151899 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:16.197221994 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:16.317123890 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:16.486440897 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:16.606380939 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:16.606548071 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:16.726671934 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:16.776505947 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:16.776623964 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.229509115 CET4994122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.230459929 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.349312067 CET2276449941167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.350282907 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.350379944 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.352776051 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.472702026 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.472826958 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.592628002 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.592758894 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.712496042 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.712626934 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.832376957 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.832487106 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:17.953531981 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:17.953607082 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.073518991 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.073611975 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.193464041 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.193559885 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.313393116 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.313510895 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.433378935 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.435189009 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.555011034 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.558585882 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.678317070 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.678739071 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.798583031 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.799335957 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:18.919241905 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:18.933830976 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:19.053658009 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.054636955 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:19.174475908 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.174690962 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:19.294424057 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.294536114 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:19.414352894 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.414468050 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:19.529119968 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.529315948 CET4994722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:19.534338951 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.649923086 CET2276449947167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:19.950016022 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.070072889 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.070287943 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.072634935 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.192349911 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.192430973 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.312143087 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.312300920 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.432056904 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.432197094 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.552423954 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.552556992 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.672308922 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.672446012 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.794179916 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.794248104 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:20.915200949 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:20.915344000 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.035365105 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.035496950 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.360987902 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.362551928 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.482364893 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.482597113 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.603140116 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.604635000 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.724510908 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.725383043 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.845062017 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.845170975 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:21.964832067 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:21.967459917 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.087388992 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.091171026 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.210896015 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.210966110 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.230196953 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.230283976 CET4995822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.330734015 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.350001097 CET2276449958167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.632138968 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.751885891 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.751983881 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.754792929 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.874538898 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.874665976 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:22.995331049 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:22.995430946 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.116260052 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.116386890 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.236074924 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.236224890 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.355921984 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.356004953 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.475744963 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.475846052 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.595527887 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.595590115 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.715393066 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.715527058 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.835374117 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.835525036 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:23.955413103 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:23.955492973 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.075797081 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.075949907 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.195969105 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.196038961 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.316567898 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.316708088 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.437151909 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.437261105 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.557148933 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.557204008 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.678112030 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.678333998 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.798314095 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.798441887 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.917943954 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:24.918052912 CET4996422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:24.918116093 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.037956953 CET2276449964167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.279336929 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:25.399303913 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.399435997 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:25.402623892 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:25.522485971 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.522708893 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:25.642582893 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.642752886 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:25.762615919 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.762679100 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:25.882580996 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:25.882715940 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.002454042 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.002757072 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.122437000 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.122680902 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.242377996 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.242680073 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.362365961 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.362453938 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.482208967 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.514981031 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.636461973 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.636660099 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.757508039 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.757641077 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.877434015 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.877655983 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:26.997452021 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:26.997632980 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:27.117515087 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.117674112 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:27.237512112 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.237585068 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:27.357316017 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.357398033 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:27.477643013 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.477791071 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:27.576071024 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.576189041 CET4997022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:27.597604990 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.695909977 CET2276449970167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:27.917826891 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.038398027 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.038503885 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.040965080 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.160995960 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.161128044 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.281034946 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.281116009 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.401217937 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.401535034 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.521622896 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.521714926 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.641477108 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.641587973 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.761406898 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.761516094 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:28.881372929 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:28.881612062 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.001382113 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.001595974 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.121529102 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.121618986 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.241477966 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.241553068 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.361267090 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.361407042 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.481261015 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.481334925 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.601078033 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.601205111 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.720937014 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.721020937 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.842127085 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.842259884 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:29.961920023 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:29.962172031 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.082266092 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.082376003 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.198286057 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.198376894 CET4997622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.202117920 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.318103075 CET2276449976167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.514553070 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.634296894 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.634372950 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.637001038 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.759387970 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.759490013 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.879275084 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.879345894 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:30.999015093 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:30.999099970 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.118855953 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.119059086 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.239367008 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.239609957 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.360677958 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.360910892 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.480654955 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.480717897 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.600878000 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.600953102 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.720743895 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.720911026 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.840665102 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.840833902 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:31.960586071 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:31.960675955 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.080485106 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.080591917 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.200423956 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.200520992 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.320336103 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.320467949 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.440346956 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.440417051 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.560163021 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.560300112 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.680063009 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.680150032 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.792615891 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:32.792728901 CET4998722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:32.911145926 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.031132936 CET2276449987167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.091027975 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.210819960 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.211225033 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.213342905 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.333050966 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.333118916 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.453197956 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.453358889 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.573075056 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.573229074 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.694122076 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.694250107 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.814348936 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.814503908 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:33.934282064 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:33.934597969 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.054377079 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.054481983 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.174799919 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.174952030 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.294696093 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.294856071 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.414746046 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.415205002 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.534977913 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.535341024 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.655206919 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.655344963 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.775432110 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.775609016 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:34.895436049 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:34.895617962 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.015921116 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.016067028 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.136230946 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.136310101 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.256496906 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.257162094 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.377013922 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.377334118 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.403795958 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.404004097 CET4999322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.497072935 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.523891926 CET2276449993167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.688698053 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.809331894 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.809485912 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.812591076 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:35.932250023 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:35.932476044 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.052165985 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.052462101 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.172223091 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.172358036 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.292218924 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.292423010 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.412436962 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.412532091 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.532351971 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.532450914 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.652245998 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.652407885 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.772278070 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.772413015 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:36.892245054 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:36.892398119 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.012094021 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.012183905 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.131922007 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.132019997 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.251831055 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.251990080 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.371651888 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.371839046 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.491691113 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.491832972 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.611633062 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.611826897 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.731828928 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.732022047 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.852092028 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.852416039 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.972166061 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.972349882 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:37.982224941 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:37.982492924 CET4999922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.092475891 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.102196932 CET2276449999167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.246309042 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.366744995 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.366822004 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.369163036 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.488899946 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.488965034 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.609735012 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.609795094 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.729685068 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.730088949 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.849977016 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.850114107 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:38.969927073 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:38.970031023 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.089816093 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.089886904 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.209722042 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.211283922 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.331103086 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.331960917 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.452174902 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.452487946 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.573519945 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.576520920 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.696369886 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.696439981 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.816111088 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.816260099 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:39.936001062 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:39.936501980 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.056200981 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.060559034 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.180524111 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.180581093 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.300297022 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.300352097 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.420145988 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.420262098 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.526890993 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.526994944 CET5000522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.539961100 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.646708012 CET2276450005167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.777549028 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.897497892 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:40.897614002 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:40.900470972 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.020298004 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.020426989 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.140173912 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.140244961 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.259953022 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.260020971 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.379962921 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.380106926 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.501075029 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.501163960 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.622023106 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.622083902 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.742275000 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.742428064 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.862142086 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.862277985 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:41.982093096 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:41.982182026 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.102443933 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.102524996 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.223221064 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.223334074 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.343261003 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.343384981 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.463232040 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.463370085 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.583292961 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.583426952 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.703346968 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.703476906 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.823236942 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.823309898 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:42.943907022 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:42.943994999 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.059849977 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.059917927 CET5001122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.063741922 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.180855989 CET2276450011167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.293364048 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.413326025 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.413408041 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.415718079 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.535532951 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.535648108 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.655572891 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.655667067 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.775500059 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.796704054 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:43.916557074 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:43.916820049 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:44.036992073 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:44.339718103 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:44.459490061 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:44.459559917 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:44.579864025 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:44.579996109 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:44.699820042 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:44.699968100 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:44.819854021 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:44.819907904 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:44.940102100 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:44.940176964 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.060048103 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.060168982 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.179910898 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.182523966 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.302320957 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.303050041 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.422888041 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.426521063 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.546314955 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.546895027 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.573926926 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.574757099 CET5001722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.666673899 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.694736958 CET2276450017167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.792813063 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.912678003 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:45.915131092 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:45.917650938 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.037961006 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.038948059 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.159755945 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.159827948 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.279925108 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.280039072 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.399934053 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.417678118 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.537427902 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.537524939 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.657269955 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.657354116 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:46.777446032 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:46.923578024 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.043490887 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.043608904 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.166057110 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.166127920 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.285892010 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.285959005 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.406449080 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.406573057 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.526242971 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.526308060 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.646035910 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.646162033 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.765981913 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.766057014 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:47.885797977 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:47.885911942 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.005630016 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.005759954 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.074171066 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.074290991 CET5001922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.125511885 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.194200993 CET2276450019167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.277539968 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.397383928 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.397538900 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.400289059 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.520155907 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.522644997 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.642498970 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.646553993 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.766680002 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.766829014 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:48.886703014 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:48.887813091 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.007680893 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.021965981 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.141763926 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.142283916 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.262073040 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.269681931 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.389496088 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.392580986 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.512433052 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.512517929 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.632355928 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.634558916 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.754316092 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.754549980 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.874310017 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.875802040 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:49.995568037 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:49.998696089 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.118498087 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.118921041 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.238815069 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.238955975 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.359002113 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.359091043 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.478993893 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.479098082 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.558482885 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.558650970 CET5002022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.598867893 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.678411007 CET2276450020167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.745944023 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.865854979 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.866100073 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.869178057 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:50.989047050 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:50.989217043 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.109244108 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.109361887 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.229274988 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.229381084 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.349221945 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.396806002 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.516612053 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.516937971 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.637023926 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.637200117 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.757039070 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.757214069 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.877032042 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.877192974 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:51.997028112 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:51.997148037 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.117079020 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.117139101 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.236917973 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.237051964 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.356827974 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.368226051 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.488147974 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.488279104 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.608254910 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.608407021 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.728138924 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.729628086 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.849559069 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.849872112 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:52.969696045 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:52.969867945 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.027978897 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.028043032 CET5002122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.089653015 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.147793055 CET2276450021167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.199307919 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.319220066 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.319343090 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.321873903 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.441596985 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.441701889 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.561510086 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.561676025 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.681674004 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.681979895 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.801939011 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.802057981 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:53.921957016 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:53.922039032 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.041845083 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.113619089 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.233614922 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.233774900 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.353689909 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.353943110 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.473799944 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.473948956 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.594006062 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.594118118 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.713958025 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.714399099 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.834255934 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.834513903 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:54.954294920 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:54.954401970 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.074184895 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.074280024 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.194117069 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.194211006 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.314057112 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.314407110 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.435229063 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.435328960 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.481215000 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.481374025 CET5002222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.555241108 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.601186037 CET2276450022167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.652707100 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.772497892 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.772669077 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.775080919 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:55.894828081 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:55.894890070 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.014657021 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.014780998 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.134951115 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.135229111 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.255004883 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.255170107 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.374913931 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.375003099 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.494759083 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.494893074 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.614650965 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.614789963 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.734606981 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.734733105 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.855407000 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.856148005 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:56.976226091 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:56.976386070 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.096575022 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.096662998 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.219391108 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.220376968 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.340271950 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.340379953 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.460906029 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.461222887 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.581773996 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.581990957 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.701822042 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.701914072 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.821830034 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.823333979 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.934201956 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:57.934336901 CET5002322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:57.943166971 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.054173946 CET2276450023167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.089876890 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.209747076 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.209911108 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.213223934 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.332988977 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.333146095 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.453883886 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.453960896 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.573731899 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.573875904 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.693599939 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.693681955 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.813541889 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.813740015 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:58.933465958 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:58.933545113 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.053431034 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.053517103 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.173445940 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.173595905 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.293505907 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.293726921 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.414448977 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.414599895 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.534382105 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.534488916 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.654419899 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.654483080 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.774275064 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.774338007 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:23:59.894752979 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:23:59.894819975 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.014583111 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.014678001 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.135107994 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.135227919 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.255085945 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.255160093 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.505064011 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.505135059 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.505209923 CET5002422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.629772902 CET2276450024167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.653310061 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.773133039 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.773231983 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.786253929 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:00.906336069 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:00.906423092 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.026201963 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.026273966 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.146073103 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.146186113 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.265944004 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.266083956 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.385806084 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.385924101 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.505626917 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.505753994 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.625478029 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.625545025 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.745227098 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.745357990 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.865042925 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.865108967 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:01.984802961 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:01.984862089 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.104968071 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.105061054 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.224809885 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.224948883 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.344768047 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.344876051 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.464643955 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.464768887 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.584594011 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.584656954 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.706990004 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.707096100 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.826946020 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.827014923 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.946760893 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.946904898 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:02.950373888 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:02.950493097 CET5002522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.066580057 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:03.070204973 CET2276450025167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:03.089839935 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.209649086 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:03.209786892 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.212090015 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.331806898 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:03.331935883 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.452748060 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:03.452868938 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.572681904 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:03.572756052 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:03.692565918 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.046942949 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.166724920 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.166865110 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.286587954 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.286750078 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.406461000 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.411959887 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.531732082 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.531811953 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.651825905 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.651915073 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.771750927 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.772562981 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:04.892297029 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:04.894912004 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.014624119 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.019193888 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.138942003 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.140500069 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.260229111 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.260292053 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.373764992 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.373919010 CET5002622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.380038977 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.493693113 CET2276450026167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.496457100 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.616266012 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.616430044 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.618832111 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.738606930 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.738733053 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.858494997 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.858557940 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:05.978203058 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:05.978274107 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.097981930 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.098136902 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.217797995 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.217924118 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.337624073 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.337768078 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.457506895 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.457578897 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.577323914 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.577483892 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.697268009 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.697401047 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.817118883 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.817199945 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:06.936916113 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:06.936975002 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.056695938 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.056765079 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.176500082 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.176642895 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.296344042 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.296436071 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.416203022 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.416328907 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.535995960 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.536088943 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.656059027 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.656128883 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.775830984 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.775897026 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.778283119 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.778345108 CET5002722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:07.896676064 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.898799896 CET2276450027167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:07.910840988 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:08.030623913 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:08.030774117 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:08.033364058 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:08.153166056 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:08.153296947 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:08.273143053 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:08.698240042 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:08.818217039 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:08.818276882 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:08.938266993 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:08.938352108 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:09.058115005 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:09.058245897 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:09.463769913 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:09.625585079 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:09.625679970 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:09.625756979 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:09.745592117 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:09.745747089 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:09.865598917 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:09.865690947 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:09.985373974 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:09.985537052 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.105515003 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.105598927 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.225459099 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.226129055 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.231580019 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.232275963 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.339340925 CET5002822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.340076923 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.345782995 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.352129936 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.459078074 CET2276450028167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.459777117 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.459871054 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.462388039 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.582072020 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.582743883 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.702538967 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.703989029 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.823993921 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:10.824434042 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:10.944159031 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:11.386055946 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:11.505930901 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:11.506072044 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:11.625864983 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:11.625926971 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:11.745800972 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:11.745929956 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:11.865737915 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:11.865818977 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:11.985666990 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:11.985753059 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.105973959 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.106132030 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.226205111 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.228511095 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.348347902 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.352495909 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.472583055 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.476497889 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.596494913 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.597018957 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.624383926 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.624490976 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.718044043 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.729475021 CET5002922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.730400085 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.744348049 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.849298954 CET2276450029167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.850301027 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.850385904 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.852775097 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:12.972661018 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:12.976481915 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:13.096417904 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:13.100493908 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:13.220416069 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:13.220535994 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:13.340289116 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:13.340378046 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:13.460383892 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:13.460480928 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:13.580363035 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:13.580439091 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:13.921917915 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:13.922029018 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.042231083 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.042371988 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.162147999 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.162300110 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.282433033 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.282593012 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.402461052 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.402607918 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.522368908 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.522430897 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.642270088 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.642345905 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.763602972 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.763727903 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:14.883549929 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:14.883690119 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.003499031 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.003618956 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.014694929 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.014832020 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.120310068 CET5003022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.121001005 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.123420000 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.134556055 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.240144014 CET2276450030167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.240751028 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.240828991 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.248399973 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.368091106 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.368165016 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.487912893 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.487967014 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.608979940 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.609131098 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.728955030 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.729108095 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.848953009 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.849015951 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:15.968802929 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:15.968916893 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.088877916 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.088999987 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.208904982 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.209070921 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.328860998 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.328938007 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.448836088 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.448901892 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.568597078 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.568759918 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.688657999 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.688813925 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.808659077 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.808779955 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:16.928615093 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:16.928744078 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.048515081 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.048595905 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.168381929 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.168462992 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.288527966 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.288594007 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.405714035 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.405862093 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.408364058 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.495814085 CET5003122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.499452114 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.525644064 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.616152048 CET2276450031167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.619235039 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.619337082 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.622154951 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.742036104 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:17.742137909 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:17.862054110 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.271743059 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:18.391529083 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.391590118 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:18.511442900 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.511559963 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:18.631341934 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.631474018 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:18.751225948 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.751355886 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:18.872070074 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.872236013 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:18.992347956 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:18.992454052 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.112593889 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.112699032 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.232701063 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.236468077 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.356503963 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.360486031 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.480278969 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.480451107 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.600307941 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.600471973 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.720230103 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.720328093 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.795978069 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.796075106 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.840049028 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:19.886394978 CET5003222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.887319088 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:19.915802956 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.006167889 CET2276450032167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.007010937 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.007113934 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:20.010520935 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:20.130285978 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.131345034 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:20.251162052 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.251246929 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:20.371040106 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.443270922 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:20.563033104 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:20.563186884 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:20.683036089 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.132991076 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.252732992 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.252784014 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.372399092 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.372461081 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.492110014 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.492271900 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.612047911 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.612153053 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.731884956 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.731960058 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.851735115 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.851912975 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:21.971708059 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:21.971862078 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.091655970 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.091742992 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.171325922 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.171458960 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.211448908 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.246267080 CET5003322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.248514891 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.291304111 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.366060019 CET2276450033167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.368300915 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.368407965 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.370923996 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.490758896 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.490899086 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.610766888 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.610918045 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.730783939 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.730921984 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.850666046 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.850737095 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:22.970536947 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:22.970675945 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.090415955 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.090476990 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.210808039 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.210992098 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.331548929 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.331626892 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.451391935 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.451450109 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.571111917 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.571257114 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.691001892 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.691148996 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.810833931 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.810990095 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:23.930927992 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:23.931067944 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.134037018 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.134092093 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.375540972 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.375719070 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.495542049 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.495626926 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.546574116 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.546694040 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.615577936 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.620989084 CET5003422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.621733904 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.666465044 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.740719080 CET2276450034167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.741692066 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.741785049 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.756922960 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.876739979 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.876800060 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:24.996593952 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:24.996670008 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:25.116411924 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:25.116533041 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:25.236277103 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:25.236411095 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:25.356252909 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:25.447710991 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:25.567709923 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:25.732901096 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:25.852669001 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:25.852730036 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:25.972512960 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:25.972693920 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.092447042 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.092514038 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.213215113 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.213284016 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.332990885 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.333045959 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.452719927 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.452887058 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.572571039 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.572647095 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.692321062 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.692452908 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.812347889 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.812463045 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.903516054 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.903664112 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.932365894 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:26.979799032 CET5003522764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:26.980573893 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.023678064 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.100575924 CET2276450035167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.100744963 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.100914955 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.103442907 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.223175049 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.223258972 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.343066931 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.365678072 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.486135006 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.486238003 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.606203079 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.606328011 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.726114988 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.726246119 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.846066952 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.846184969 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:27.965970039 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:27.993642092 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:28.113357067 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:28.323712111 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:28.443613052 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:28.460596085 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:28.580454111 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:28.580511093 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:28.706072092 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:28.706204891 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:28.825973034 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:28.826039076 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:28.946005106 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:28.946072102 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.065772057 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.065887928 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.185559988 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.185673952 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.263175964 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.264573097 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.305538893 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.338941097 CET5003622764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.339657068 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.384449959 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.458740950 CET2276450036167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.459419012 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.459595919 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.462208033 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.581948042 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.583753109 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.703542948 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.704463959 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.824213028 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.824459076 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:29.944274902 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:29.944468021 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.064214945 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:30.064462900 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.184292078 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:30.184393883 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.304143906 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:30.304214954 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.424132109 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:30.424304962 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.544121027 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:30.544749975 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.664572954 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:30.664721966 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:30.784710884 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.092143059 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.211838007 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.211904049 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.331582069 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.331664085 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.451472998 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.451652050 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.571609020 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.571695089 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.624022961 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.624087095 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.682934999 CET5003722764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.683805943 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.691612005 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.743882895 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.802591085 CET2276450037167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.803472042 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.803558111 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.806118011 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:31.926152945 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:31.926280022 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.046046972 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.046113014 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.166220903 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.166356087 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.286274910 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.286426067 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.406269073 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.406344891 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.526158094 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.526304007 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.646089077 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.646230936 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.766005039 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.766177893 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:32.885894060 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:32.886055946 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.005705118 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.005776882 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.125543118 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.125682116 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.245625019 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.275585890 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.395324945 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.395489931 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.515165091 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.818169117 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.938077927 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.938358068 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:33.966588974 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:33.966795921 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.026350975 CET5003822764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.027050018 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.058176994 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.086709976 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.146105051 CET2276450038167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.146863937 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.146943092 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.153669119 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.273367882 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.273427963 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.393346071 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.393400908 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.513189077 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.513267040 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.632997990 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.633122921 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.753376007 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.753462076 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.873202085 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.873289108 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:34.993041039 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:34.993192911 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.112988949 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.113106966 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.232919931 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.233063936 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.352932930 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.353059053 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.472971916 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.473037958 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.592902899 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.592968941 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.712755919 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.712847948 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.832720995 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.835019112 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:35.954807997 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:35.956468105 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.076323986 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.079433918 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.199276924 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.202524900 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.312463999 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.312551975 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.322244883 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.370193005 CET5003922764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.370955944 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.432404995 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.490248919 CET2276450039167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.490737915 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.490835905 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.495757103 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.615899086 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.616044998 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.735774994 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.735857964 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.855659008 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.855741024 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:36.975550890 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:36.975678921 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.095520020 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.095639944 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.215447903 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.215573072 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.335484028 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.335634947 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.456932068 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.457000971 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.576898098 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.577060938 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.696856022 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.696983099 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.816762924 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.816903114 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:37.936705112 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:37.936855078 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.056668997 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.056741953 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.176497936 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.176614046 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.296350956 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.296520948 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.416213989 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.416412115 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.536258936 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.536432028 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.655267954 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.655348063 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.656171083 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.713947058 CET5004022764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.714826107 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.775018930 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.833712101 CET2276450040167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.834486961 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.834636927 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.837052107 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:38.956794977 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:38.956984043 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.076850891 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.076978922 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.196722031 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.196770906 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.316576004 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.316683054 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.436525106 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.436731100 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.556499004 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.557121992 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.676914930 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.677054882 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.796905041 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.797044992 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:39.916913986 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:39.916996002 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.036776066 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.106739998 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.226706028 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.226913929 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.346688032 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.559535027 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.679274082 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.679336071 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.799544096 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.799936056 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.919651985 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.919812918 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:40.997545004 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:40.997917891 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.039485931 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.042359114 CET5004122764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.043186903 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.117768049 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.162175894 CET2276450041167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.162815094 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.162911892 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.165205956 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.285069942 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.286767960 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.406490088 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.408452034 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.528228998 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.528431892 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.648163080 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.648448944 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.768188953 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.768263102 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:41.888030052 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:41.888411045 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:42.008141041 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:42.008423090 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:42.128113031 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:42.128448009 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:42.248131037 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:42.248214960 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:42.367896080 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:43.327702045 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:43.327802896 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:43.520811081 CET5004222764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:43.521848917 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:43.640593052 CET2276450042167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:43.641546011 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:43.641632080 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:43.645052910 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:43.764859915 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:43.765057087 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:43.884907007 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.207339048 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:44.327124119 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.327249050 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:44.447076082 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.447305918 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:44.567128897 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.567344904 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:44.687144995 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.687300920 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:44.807014942 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.807085991 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:44.926924944 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:44.927336931 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.047065020 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.047272921 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.166965961 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.167274952 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.287000895 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.287156105 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.407085896 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.407257080 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.528177023 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.528250933 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.647986889 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.648319006 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.768203974 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.768321991 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.812653065 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.812963009 CET5004322764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:45.887955904 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:45.932646990 CET2276450043167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:48.715164900 CET5004422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:48.834881067 CET2276450044167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:48.835125923 CET5004422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:48.836841106 CET5004422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:48.956732988 CET2276450044167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:48.956800938 CET5004422764192.168.2.10167.71.56.116
                                    Dec 16, 2024 07:24:49.076550007 CET2276450044167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:50.999625921 CET2276450044167.71.56.116192.168.2.10
                                    Dec 16, 2024 07:24:50.999738932 CET5004422764192.168.2.10167.71.56.116

                                    Click to jump to process

                                    Click to jump to process

                                    Click to dive into process behavior distribution

                                    Click to jump to process

                                    Target ID:0
                                    Start time:01:20:38
                                    Start date:16/12/2024
                                    Path:C:\Users\user\Desktop\njrat.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\njrat.exe"
                                    Imagebase:0x680000
                                    File size:37'888 bytes
                                    MD5 hash:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                    • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1562511686.0000000000682000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
                                    Reputation:low
                                    Has exited:true

                                    Target ID:2
                                    Start time:01:20:44
                                    Start date:16/12/2024
                                    Path:C:\Windows\rundll32.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\rundll32.exe"
                                    Imagebase:0xab0000
                                    File size:37'888 bytes
                                    MD5 hash:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Yara matches:
                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Windows\rundll32.exe, Author: Joe Security
                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Windows\rundll32.exe, Author: unknown
                                    • Rule: njrat1, Description: Identify njRat, Source: C:\Windows\rundll32.exe, Author: Brian Wallace @botnet_hunter
                                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Windows\rundll32.exe, Author: ditekSHen
                                    Antivirus matches:
                                    • Detection: 100%, Avira
                                    • Detection: 100%, Joe Sandbox ML
                                    • Detection: 95%, ReversingLabs
                                    Reputation:low
                                    Has exited:false

                                    Target ID:4
                                    Start time:01:20:50
                                    Start date:16/12/2024
                                    Path:C:\Windows\SysWOW64\netsh.exe
                                    Wow64 process (32bit):true
                                    Commandline:netsh firewall add allowedprogram "C:\Windows\rundll32.exe" "rundll32.exe" ENABLE
                                    Imagebase:0x1160000
                                    File size:82'432 bytes
                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:5
                                    Start time:01:20:51
                                    Start date:16/12/2024
                                    Path:C:\Windows\System32\conhost.exe
                                    Wow64 process (32bit):false
                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                    Imagebase:0x7ff620390000
                                    File size:862'208 bytes
                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:high
                                    Has exited:true

                                    Target ID:6
                                    Start time:01:20:59
                                    Start date:16/12/2024
                                    Path:C:\Windows\rundll32.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\rundll32.exe" ..
                                    Imagebase:0x9e0000
                                    File size:37'888 bytes
                                    MD5 hash:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Target ID:7
                                    Start time:01:21:07
                                    Start date:16/12/2024
                                    Path:C:\Windows\rundll32.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\rundll32.exe" ..
                                    Imagebase:0x3d0000
                                    File size:37'888 bytes
                                    MD5 hash:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Target ID:10
                                    Start time:01:21:16
                                    Start date:16/12/2024
                                    Path:C:\Windows\rundll32.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Windows\rundll32.exe" ..
                                    Imagebase:0x220000
                                    File size:37'888 bytes
                                    MD5 hash:4699BEC8CD50AA7F2CECF0DF8F0C26A0
                                    Has elevated privileges:false
                                    Has administrator privileges:false
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:8.7%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:37
                                      Total number of Limit Nodes:1
                                      execution_graph 1739 f6a2d2 1740 f6a2d6 SetErrorMode 1739->1740 1742 f6a33f 1740->1742 1751 f6a612 1754 f6a646 CreateMutexW 1751->1754 1753 f6a6c1 1754->1753 1707 f6a2fe 1708 f6a353 1707->1708 1709 f6a32a SetErrorMode 1707->1709 1708->1709 1710 f6a33f 1709->1710 1711 f6aa3e 1713 f6aa67 CopyFileW 1711->1713 1714 f6aa8e 1713->1714 1715 f6a646 1718 f6a67e CreateMutexW 1715->1718 1717 f6a6c1 1718->1717 1719 f6a8c6 1720 f6a8ef SetFileAttributesW 1719->1720 1722 f6a90b 1720->1722 1723 f6ac46 1724 f6ac6c ShellExecuteExW 1723->1724 1726 f6ac88 1724->1726 1755 f6aa07 1756 f6aa3e CopyFileW 1755->1756 1758 f6aa8e 1756->1758 1743 f6a8a4 1745 f6a8c6 SetFileAttributesW 1743->1745 1746 f6a90b 1745->1746 1747 f6ac24 1749 f6ac46 ShellExecuteExW 1747->1749 1750 f6ac88 1749->1750 1731 f6a462 1732 f6a486 RegSetValueExW 1731->1732 1734 f6a507 1732->1734 1735 f6a361 1737 f6a392 RegQueryValueExW 1735->1737 1738 f6a41b 1737->1738

                                      Callgraph

                                      • Executed
                                      • Not Executed
                                      • Opacity -> Relevance
                                      • Disassembly available
                                      callgraph 0 Function_00FF067F 1 Function_00F623F4 2 Function_00F6A1F4 3 Function_00F6AB74 4 Function_00F62675 5 Function_00F6A172 6 Function_00F621F0 7 Function_00F6A2FE 8 Function_00F6A97E 9 Function_00FF0074 10 Function_00F6ACFA 11 Function_00F6A078 12 Function_04E20773 13 Function_00F62264 14 Function_00F62364 15 Function_00F6A462 16 Function_00FF066A 17 Function_00F6A361 18 Function_00F6AAE1 19 Function_00F6A56E 20 Function_00FF0FE0 21 Function_00FF05DF 22 Function_04E20D40 23 Function_00F6A2D2 24 Function_00F6A952 25 Function_00F620D0 26 Function_04E205C5 27 Function_00F62651 28 Function_00F6A25E 29 Function_00F6A45C 30 Function_00FF05D5 31 Function_00F62458 32 Function_00F6A646 33 Function_00F6A8C6 34 Function_00F6AC46 35 Function_00F6A7C7 36 Function_00F6ACC7 37 Function_00F62044 38 Function_04E20857 39 Function_00F6A540 40 Function_04E20E55 41 Function_00FF0648 41->16 42 Function_00F6A74E 43 Function_00F6AACF 44 Function_04E20F58 45 Function_00FF0040 46 Function_00FF0740 47 Function_04E20C22 48 Function_00F622B4 49 Function_00FF05BD 50 Function_00F62430 51 Function_00F6AA3E 52 Function_04E20BA8 53 Function_00F623BC 54 Function_00F6213C 55 Function_00F6A23C 56 Function_00F6A8A4 57 Function_00F6AC24 58 Function_04E20634 59 Function_00F6A120 60 Function_00F6A02E 61 Function_04E20938 61->21 87 Function_00FF0606 61->87 62 Function_04E203BD 62->21 62->61 62->87 63 Function_04E20B03 64 Function_04E20080 65 Function_00F62194 66 Function_04E20301 67 Function_00F6A392 68 Function_00F6A612 69 Function_04E20007 70 Function_00F62310 71 Function_00F6A710 72 Function_04E20F05 73 Function_00F6AC11 74 Function_00F6AB9E 75 Function_00F6A81E 76 Function_04E20889 76->21 76->87 77 Function_00F6A09A 78 Function_00F62098 79 Function_04E20C8D 80 Function_00FF0710 81 Function_00F6A486 82 Function_00F6AB06 83 Function_00F6AA07 84 Function_04E20310 84->21 84->61 84->87 85 Function_00F62005 86 Function_00F6A005 88 Function_04E20D98 89 Function_00FF0000

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 4e20310-4e20334 2 4e20336-4e20338 0->2 3 4e2033e-4e20346 0->3 2->3 4 4e20348-4e2034d 3->4 5 4e2034e-4e2035a 3->5 7 4e20360 5->7 8 4e2035c 5->8 9 4e20362 7->9 8->9 10 4e2035e 8->10 11 4e20364-4e20366 9->11 12 4e20368-4e20391 9->12 10->7 10->11 11->12 14 4e20393-4e203bb 12->14 15 4e203d8-4e20418 12->15 20 4e203ce 14->20 22 4e2041a 15->22 23 4e2041f 15->23 20->15 22->23 59 4e2041f call ff05df 23->59 60 4e2041f call ff0606 23->60 61 4e2041f call 4e20938 23->61 24 4e20425-4e20434 25 4e20436-4e20460 24->25 26 4e2046b-4e20523 24->26 25->26 45 4e20570-4e20587 26->45 46 4e20525-4e20569 26->46 47 4e20880 45->47 48 4e2058d-4e205bf 45->48 46->45 48->47 59->24 60->24 61->24
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1629046371.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4e20000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2dl$2dl$2dl
                                      • API String ID: 0-339448731
                                      • Opcode ID: b2b3735a3bb13d7f46d6f47c39a805e5c3aa9ff663eafed5067db4c8e615b38a
                                      • Instruction ID: 467268d010c7255e233a929082d2e089d254cf7e26a6db758b42eb75fc05c3f7
                                      • Opcode Fuzzy Hash: b2b3735a3bb13d7f46d6f47c39a805e5c3aa9ff663eafed5067db4c8e615b38a
                                      • Instruction Fuzzy Hash: 076134307002149BC708EB7998106BE77E6AFC5308B48807AE106DB7E6DF35DD46E7A6

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 62 4e203bd-4e20418 70 4e2041a 62->70 71 4e2041f 62->71 70->71 107 4e2041f call ff05df 71->107 108 4e2041f call ff0606 71->108 109 4e2041f call 4e20938 71->109 72 4e20425-4e20434 73 4e20436-4e20460 72->73 74 4e2046b-4e20523 72->74 73->74 93 4e20570-4e20587 74->93 94 4e20525-4e20569 74->94 95 4e20880 93->95 96 4e2058d-4e205bf 93->96 94->93 96->95 107->72 108->72 109->72
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1629046371.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4e20000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2dl$2dl$2dl
                                      • API String ID: 0-339448731
                                      • Opcode ID: ecef52dd106624cdd8adbc993c2ad287a9989141161378b36fca82ff6d0bd40e
                                      • Instruction ID: 3c7586422fc29baff7a138cf2e7045cbd006ccf76d49c60f9994dcd13901bac1
                                      • Opcode Fuzzy Hash: ecef52dd106624cdd8adbc993c2ad287a9989141161378b36fca82ff6d0bd40e
                                      • Instruction Fuzzy Hash: 8F41F8307005248BCB58BB799C102FD72D75FC5248B48802AE006DB7E6DF39CE0AA7A7

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 110 4e20938-4e20942 111 4e20944-4e20947 110->111 112 4e20948-4e20993 110->112 111->112 115 4e20999-4e20a22 112->115 116 4e20a2e-4e20a30 112->116 265 4e20a24 call ff05df 115->265 266 4e20a24 call ff0606 115->266 117 4e20a37-4e20a3c 116->117 118 4e20a42-4e20a7a 117->118 119 4e20b1e-4e20bc2 117->119 136 4e20aa1-4e20afc 118->136 137 4e20a7c-4e20a9a 118->137 157 4e20bc8-4e20c8b 119->157 158 4e20c9e-4e20ca7 119->158 175 4e20b01 136->175 137->136 156 4e20a2a-4e20a2c 156->116 159 4e20a32 156->159 157->158 161 4e20d51-4e20d5a 158->161 162 4e20cad-4e20d3e 158->162 159->117 163 4e20d7a-4e20d83 161->163 164 4e20d5c-4e20d73 161->164 162->161 166 4e20d85-4e20d96 163->166 167 4e20da9-4e20db2 163->167 164->163 166->167 170 4e20f33-4e20f3a 167->170 171 4e20db8-4e20e06 167->171 193 4e20f1c-4e20f2d 171->193 175->119 193->170 195 4e20e0b-4e20e14 193->195 196 4e20f40-4e20fd1 195->196 197 4e20e1a-4e20f1a 195->197 227 4e20fd7-4e20fe8 196->227 228 4e210ca 196->228 197->193 247 4e20f3b 197->247 234 4e20fea-4e2100b 227->234 230 4e210cc-4e210d3 228->230 242 4e21012-4e21048 234->242 243 4e2100d 234->243 252 4e2104a 242->252 253 4e2104f-4e21077 242->253 243->242 247->196 252->253 257 4e21079-4e2107b 253->257 258 4e2107d-4e210a1 253->258 257->230 261 4e210a3-4e210a8 258->261 262 4e210aa-4e210b4 258->262 261->230 263 4e210b6-4e210b8 262->263 264 4e210ba-4e210c4 262->264 263->230 264->228 264->234 265->156 266->156
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1629046371.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4e20000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l$\Odl
                                      • API String ID: 0-1237378895
                                      • Opcode ID: 2538442ce7626065762154dcef35d538f510ac65e3f394e52a14bac970d52785
                                      • Instruction ID: 2ba6ffd191afde0e2f00811c0306a0a12c0dd524186d9d1e2e780fe6b54de85a
                                      • Opcode Fuzzy Hash: 2538442ce7626065762154dcef35d538f510ac65e3f394e52a14bac970d52785
                                      • Instruction Fuzzy Hash: 81029B30700220CFDB19EB78D854BAE77E2AF89308B144479D40ADB7A9EF35AD46DB51

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 267 f6a612-f6a695 271 f6a697 267->271 272 f6a69a-f6a6a3 267->272 271->272 273 f6a6a5 272->273 274 f6a6a8-f6a6b1 272->274 273->274 275 f6a702-f6a707 274->275 276 f6a6b3-f6a6d7 CreateMutexW 274->276 275->276 279 f6a709-f6a70e 276->279 280 f6a6d9-f6a6ff 276->280 279->280
                                      APIs
                                      • CreateMutexW.KERNELBASE(?,?), ref: 00F6A6B9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      • Opcode ID: 5dcfc11a2fe29d47bed952002b5ccf50ad693c4609e5d47daab04a0cfc0b2439
                                      • Instruction ID: 35e47b40385d11a3f82142dc8a05b5a4c3e37f6855b3e99419afe23157228a3a
                                      • Opcode Fuzzy Hash: 5dcfc11a2fe29d47bed952002b5ccf50ad693c4609e5d47daab04a0cfc0b2439
                                      • Instruction Fuzzy Hash: F43181B5509380AFE712CB25DC45B96BFF8EF06314F08849AE944CB292D375E909CB72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 283 f6a361-f6a3cf 286 f6a3d4-f6a3dd 283->286 287 f6a3d1 283->287 288 f6a3e2-f6a3e8 286->288 289 f6a3df 286->289 287->286 290 f6a3ed-f6a404 288->290 291 f6a3ea 288->291 289->288 293 f6a406-f6a419 RegQueryValueExW 290->293 294 f6a43b-f6a440 290->294 291->290 295 f6a442-f6a447 293->295 296 f6a41b-f6a438 293->296 294->293 295->296
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,81CA0975,00000000,00000000,00000000,00000000), ref: 00F6A40C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: dbfc8b4c896c67fbf528e43dc5b60344dc3b21c810e4fb8cd8dd12fde95d0f14
                                      • Instruction ID: fb0b770c92c184a2de58a1502da83f0a241fef9b0526347a5775e25e1ffdda93
                                      • Opcode Fuzzy Hash: dbfc8b4c896c67fbf528e43dc5b60344dc3b21c810e4fb8cd8dd12fde95d0f14
                                      • Instruction Fuzzy Hash: 15319375504780AFE722CF11CC85F92BBF8EF06320F08849AE945DB292D364E909CB72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 300 f6a462-f6a4c3 303 f6a4c5 300->303 304 f6a4c8-f6a4d4 300->304 303->304 305 f6a4d6 304->305 306 f6a4d9-f6a4f0 304->306 305->306 308 f6a527-f6a52c 306->308 309 f6a4f2-f6a505 RegSetValueExW 306->309 308->309 310 f6a507-f6a524 309->310 311 f6a52e-f6a533 309->311 311->310
                                      APIs
                                      • RegSetValueExW.KERNELBASE(?,00000E24,81CA0975,00000000,00000000,00000000,00000000), ref: 00F6A4F8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: a51f5625ceefd97ab83850d9657bdf1f7c718d66e0db0073c293ca30060b350d
                                      • Instruction ID: 12b0603aca3a690516555e5751cf7cc8ca85dee905c1a7bc4122048d16602906
                                      • Opcode Fuzzy Hash: a51f5625ceefd97ab83850d9657bdf1f7c718d66e0db0073c293ca30060b350d
                                      • Instruction Fuzzy Hash: 2B2192B6504380AFDB22CF11DC44F67BFB8DF46324F08849AE945DB652D264E808CB72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 315 f6a646-f6a695 318 f6a697 315->318 319 f6a69a-f6a6a3 315->319 318->319 320 f6a6a5 319->320 321 f6a6a8-f6a6b1 319->321 320->321 322 f6a702-f6a707 321->322 323 f6a6b3-f6a6bb CreateMutexW 321->323 322->323 324 f6a6c1-f6a6d7 323->324 326 f6a709-f6a70e 324->326 327 f6a6d9-f6a6ff 324->327 326->327
                                      APIs
                                      • CreateMutexW.KERNELBASE(?,?), ref: 00F6A6B9
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      • Opcode ID: e6ef98df45697155fe8e9fa82b8cebf126db1f3106f49aae965997fa8921c551
                                      • Instruction ID: 0976e983068efe52678474499e79b635793253c2f287db6feba2fa2647b6ecb0
                                      • Opcode Fuzzy Hash: e6ef98df45697155fe8e9fa82b8cebf126db1f3106f49aae965997fa8921c551
                                      • Instruction Fuzzy Hash: 0F2180B5500240AFEB20DF25DD45BA6FBE8EF04324F08886AE9489B741D775E809DE72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 330 f6aa07-f6aa65 332 f6aa67 330->332 333 f6aa6a-f6aa70 330->333 332->333 334 f6aa75-f6aa7e 333->334 335 f6aa72 333->335 336 f6aa80-f6aaa0 CopyFileW 334->336 337 f6aac1-f6aac6 334->337 335->334 340 f6aaa2-f6aabe 336->340 341 f6aac8-f6aacd 336->341 337->336 341->340
                                      APIs
                                      • CopyFileW.KERNELBASE(?,?,?), ref: 00F6AA86
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      • Opcode ID: b28ff124fb44616d65c622196e588f118b6b9c238c236428ae2092fd96100b0f
                                      • Instruction ID: b1d877a152f2b9b92e83b15c683486462ddf9b9f3d056a89dd9c41bbcd308c1c
                                      • Opcode Fuzzy Hash: b28ff124fb44616d65c622196e588f118b6b9c238c236428ae2092fd96100b0f
                                      • Instruction Fuzzy Hash: A92190B69043809FEB11CB65DD44B52BFF8EF06310F09849AE845DB262D224D908DB61

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 343 f6a392-f6a3cf 345 f6a3d4-f6a3dd 343->345 346 f6a3d1 343->346 347 f6a3e2-f6a3e8 345->347 348 f6a3df 345->348 346->345 349 f6a3ed-f6a404 347->349 350 f6a3ea 347->350 348->347 352 f6a406-f6a419 RegQueryValueExW 349->352 353 f6a43b-f6a440 349->353 350->349 354 f6a442-f6a447 352->354 355 f6a41b-f6a438 352->355 353->352 354->355
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E24,81CA0975,00000000,00000000,00000000,00000000), ref: 00F6A40C
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: 05848e9f70363aa39257e19612fff51254a15d3a99a968e3732a14c0e4fd08a9
                                      • Instruction ID: 5d315284f990df2614dac600deb5fca3bda929456e18255bea7acb24543832ba
                                      • Opcode Fuzzy Hash: 05848e9f70363aa39257e19612fff51254a15d3a99a968e3732a14c0e4fd08a9
                                      • Instruction Fuzzy Hash: BF219076500604AFEB21CF15DC85FA6F7ECEF04724F04845AE945DB751D760E809DA72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 359 f6a486-f6a4c3 361 f6a4c5 359->361 362 f6a4c8-f6a4d4 359->362 361->362 363 f6a4d6 362->363 364 f6a4d9-f6a4f0 362->364 363->364 366 f6a527-f6a52c 364->366 367 f6a4f2-f6a505 RegSetValueExW 364->367 366->367 368 f6a507-f6a524 367->368 369 f6a52e-f6a533 367->369 369->368
                                      APIs
                                      • RegSetValueExW.KERNELBASE(?,00000E24,81CA0975,00000000,00000000,00000000,00000000), ref: 00F6A4F8
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 253b8856d7811db0aa9290f1777050b4e290d5df3c61bf42d0facecdacd2142c
                                      • Instruction ID: 170e5d4fa6fffe0b71e451a53cec692a4afb75e7dd69345c6029400e172dc8c3
                                      • Opcode Fuzzy Hash: 253b8856d7811db0aa9290f1777050b4e290d5df3c61bf42d0facecdacd2142c
                                      • Instruction Fuzzy Hash: 291181B6500600AFEB21CF11DD45FA6BBECEF04724F08855AED469A751D770E808DA72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 373 f6a2d2-f6a2d4 374 f6a2d6-f6a2dd 373->374 375 f6a2de-f6a328 373->375 374->375 377 f6a353-f6a358 375->377 378 f6a32a-f6a33d SetErrorMode 375->378 377->378 379 f6a33f-f6a352 378->379 380 f6a35a-f6a35f 378->380 380->379
                                      APIs
                                      • SetErrorMode.KERNELBASE(?), ref: 00F6A330
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      • Opcode ID: 66c9ad97db1f67809bff930d658acddd63f66ba32f4c81566e94684a82fd34e9
                                      • Instruction ID: 878540d8b41fa4799af40e685413462be86f447b37918fb8cafb792467d32017
                                      • Opcode Fuzzy Hash: 66c9ad97db1f67809bff930d658acddd63f66ba32f4c81566e94684a82fd34e9
                                      • Instruction Fuzzy Hash: 82212C7540D3C0AFDB138B259C55A52BFB49F07220F0980DBDD848F2A3D2656808DB72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 383 f6ac24-f6ac6a 385 f6ac6f-f6ac78 383->385 386 f6ac6c 383->386 387 f6ac7a-f6ac9a ShellExecuteExW 385->387 388 f6acb9-f6acbe 385->388 386->385 391 f6acc0-f6acc5 387->391 392 f6ac9c-f6acb8 387->392 388->387 391->392
                                      APIs
                                      • ShellExecuteExW.SHELL32(?), ref: 00F6AC80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: ExecuteShell
                                      • String ID:
                                      • API String ID: 587946157-0
                                      • Opcode ID: 09790aece6e0fb243d3ac1aa8ade4c9e8a3d3f45ce1853fb928e6942dc490f5a
                                      • Instruction ID: 89d6535037a9309bca371d1808a0a5791831af8b3cca6bbc8a38f4b2f588a291
                                      • Opcode Fuzzy Hash: 09790aece6e0fb243d3ac1aa8ade4c9e8a3d3f45ce1853fb928e6942dc490f5a
                                      • Instruction Fuzzy Hash: 7C1160759093809FDB12CF25DC94B56BFB8DF46220F0884EBED45CB252D275E808DB62

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 394 f6a8a4-f6a8ed 396 f6a8f2-f6a8fb 394->396 397 f6a8ef 394->397 398 f6a93c-f6a941 396->398 399 f6a8fd-f6a91d SetFileAttributesW 396->399 397->396 398->399 402 f6a943-f6a948 399->402 403 f6a91f-f6a93b 399->403 402->403
                                      APIs
                                      • SetFileAttributesW.KERNELBASE(?,?), ref: 00F6A903
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: bba9bd9f7ae4ace835a2ca096fc244b4eb4f9ab5e7e572fa2e3fdc2b5c40961c
                                      • Instruction ID: 425bcadf2da0ccbf40fbf74f567b6e8211bd05e20584372ba0ff007449c5ec93
                                      • Opcode Fuzzy Hash: bba9bd9f7ae4ace835a2ca096fc244b4eb4f9ab5e7e572fa2e3fdc2b5c40961c
                                      • Instruction Fuzzy Hash: E71190759043809FDB11CF25DC84B56BFE8EF06320F0984AAEC45CB252D275E848DB62

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 405 f6aa3e-f6aa65 406 f6aa67 405->406 407 f6aa6a-f6aa70 405->407 406->407 408 f6aa75-f6aa7e 407->408 409 f6aa72 407->409 410 f6aa80-f6aa88 CopyFileW 408->410 411 f6aac1-f6aac6 408->411 409->408 413 f6aa8e-f6aaa0 410->413 411->410 414 f6aaa2-f6aabe 413->414 415 f6aac8-f6aacd 413->415 415->414
                                      APIs
                                      • CopyFileW.KERNELBASE(?,?,?), ref: 00F6AA86
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      • Opcode ID: 005fe5195b35b8c63cea2e858cd8a1257846eba20c8303a40aaf91b2288b01c3
                                      • Instruction ID: a2630a9bc915f9f234f638f4fd5f1036c944af536621b97f64dc58d7b8d41d7d
                                      • Opcode Fuzzy Hash: 005fe5195b35b8c63cea2e858cd8a1257846eba20c8303a40aaf91b2288b01c3
                                      • Instruction Fuzzy Hash: B2117076A00240DFEB20CF66D944B56BBE8EB04320F0884AADD09DB741E274D818DE72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 417 f6a8c6-f6a8ed 418 f6a8f2-f6a8fb 417->418 419 f6a8ef 417->419 420 f6a93c-f6a941 418->420 421 f6a8fd-f6a905 SetFileAttributesW 418->421 419->418 420->421 423 f6a90b-f6a91d 421->423 424 f6a943-f6a948 423->424 425 f6a91f-f6a93b 423->425 424->425
                                      APIs
                                      • SetFileAttributesW.KERNELBASE(?,?), ref: 00F6A903
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: b96d6fd2c09fa7a81067207c2513ece2c95fb9cba7813b2c98ee728b5ece76e7
                                      • Instruction ID: 98964ca683e5e45fb3cdf43400bf730e2aeb462daa64db3482b4a0fc5c6c20df
                                      • Opcode Fuzzy Hash: b96d6fd2c09fa7a81067207c2513ece2c95fb9cba7813b2c98ee728b5ece76e7
                                      • Instruction Fuzzy Hash: 9D0180769002409FEB20CF25D884766FBE4EF04320F18C4AADD49DB741E275E848DE62
                                      APIs
                                      • ShellExecuteExW.SHELL32(?), ref: 00F6AC80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: ExecuteShell
                                      • String ID:
                                      • API String ID: 587946157-0
                                      • Opcode ID: 4afb89b68add41d7e42e3dada181e8eb73da86df4b742f5c75a4a13672145a31
                                      • Instruction ID: 3ff72b38c2f467dc232cfa5d8f24ea6507802046a5c88db3d6380d65e874a33d
                                      • Opcode Fuzzy Hash: 4afb89b68add41d7e42e3dada181e8eb73da86df4b742f5c75a4a13672145a31
                                      • Instruction Fuzzy Hash: 220180759042408FEB10CF26D884B56BBE4DF04320F08C4AADD49CB752D375E808DEA2
                                      APIs
                                      • SetErrorMode.KERNELBASE(?), ref: 00F6A330
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628213163.0000000000F6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F6A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f6a000_njrat.jbxd
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      • Opcode ID: b1c30792ca4182c5a5b502441fff9081ee7473d033f250940badaaf3582ec9cc
                                      • Instruction ID: 5dd2ad7803e88ce5542d5e7960dbd9f8c3376ad28ab34b911cbd73e2da78a4a4
                                      • Opcode Fuzzy Hash: b1c30792ca4182c5a5b502441fff9081ee7473d033f250940badaaf3582ec9cc
                                      • Instruction Fuzzy Hash: 0AF0A475804240DFEB208F15D885765FBE0EF04320F08C09ADD495B752D375E408DEB2
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1629046371.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4e20000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e93de5d260f405c2279caa2015885760c088a288c7056ac451367e7493a1c527
                                      • Instruction ID: 023e260c030e6a9a07141490e73e478cd6db5307c8d1c4db94e3da9ee903279d
                                      • Opcode Fuzzy Hash: e93de5d260f405c2279caa2015885760c088a288c7056ac451367e7493a1c527
                                      • Instruction Fuzzy Hash: 98511030605246CFC704FF74E999ACA77F2AB8520C7448929D005CB76EEB346F5AEB91
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1629046371.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4e20000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4019d51d3963bf4b761d58a99b023ca60cfa893cf240b6a494ddb0b413a8b221
                                      • Instruction ID: 50e1f4eb2d1f9bd2c09c511e82b0e1e58114a39a2fb1f66555cb0c9f8f026631
                                      • Opcode Fuzzy Hash: 4019d51d3963bf4b761d58a99b023ca60cfa893cf240b6a494ddb0b413a8b221
                                      • Instruction Fuzzy Hash: 0E0149E684E7C05FE74707341CA96813F71AEA3124B5F41C7C482CA0A3A91E9E0FDB22
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628694795.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_ff0000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1b8279a8ed664a6c1b94872417d555db5886f66979d0ceed9873c87d83f5d4c1
                                      • Instruction ID: fbf729abc7f2d6645a999e13cd165988b1b50542c820133d1ed1432ee8ee43b0
                                      • Opcode Fuzzy Hash: 1b8279a8ed664a6c1b94872417d555db5886f66979d0ceed9873c87d83f5d4c1
                                      • Instruction Fuzzy Hash: 9F01DB7650D7C06FD7128B15AC41863FFB8DF46620708C49FE8498B652D139A809C772
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1629046371.0000000004E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04E20000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_4e20000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e66ad91aff3f5bd1225d42705a18e48b81962beb9456d25cff1d2353fbfddcc4
                                      • Instruction ID: ad510d346f6cf8a48c75001d383f088d68eebb094d64390b1583516f281032b7
                                      • Opcode Fuzzy Hash: e66ad91aff3f5bd1225d42705a18e48b81962beb9456d25cff1d2353fbfddcc4
                                      • Instruction Fuzzy Hash: 68014430604B42DFC740EBB4D85D59D77E1EF80308B04846EE449C7366EB758D49AB53
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628694795.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_ff0000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5774caba6c5d763ebd630c7ea56f1174bc52f8d9fd84a1118b63f242b10d5e3a
                                      • Instruction ID: 8596d0cd1216a6ecd5ca625ccc74f0b5e54001520bb9a224934f116045811bd9
                                      • Opcode Fuzzy Hash: 5774caba6c5d763ebd630c7ea56f1174bc52f8d9fd84a1118b63f242b10d5e3a
                                      • Instruction Fuzzy Hash: 4FE092B6A016409B9650CF0BFC41456F7E8EB84730708C07FDC0D8B701E279B518CAA5
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628191402.0000000000F62000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F62000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f62000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b5dffa714d35efb6d425d1c84233b08a0fa0451a144acd7eb1d1f732ce8df9af
                                      • Instruction ID: 97402462d8ca1b4c80627a067a1b9d0ccabbcd2583662829390b3d8c185b23dd
                                      • Opcode Fuzzy Hash: b5dffa714d35efb6d425d1c84233b08a0fa0451a144acd7eb1d1f732ce8df9af
                                      • Instruction Fuzzy Hash: 58D05E79605AC18FD316DA1CD1A8BA937D4AF52724F4A44F9A8008BB63CB68D985E600
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.1628191402.0000000000F62000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F62000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f62000_njrat.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e7103a66687567d2b4c4e723ab8a771fb466db24ad99289ee48729c55f6b0f5a
                                      • Instruction ID: 480b79b26dccf412adc5dca1c22ee11354611dbd8fd9a33ab42b11982bfd9cec
                                      • Opcode Fuzzy Hash: e7103a66687567d2b4c4e723ab8a771fb466db24ad99289ee48729c55f6b0f5a
                                      • Instruction Fuzzy Hash: 2CD05E346006818BC715DB0CD2D5F5977D4AB40724F0644E9AC108B762CBB8E8C5DA00

                                      Execution Graph

                                      Execution Coverage:19.7%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:7.9%
                                      Total number of Nodes:178
                                      Total number of Limit Nodes:10
                                      execution_graph 7146 117be16 7148 117be4b GetExitCodeProcess 7146->7148 7149 117be74 7148->7149 7150 2bb1e3a 7151 2bb1e6f WSAConnect 7150->7151 7153 2bb1e8e 7151->7153 7154 2b803bd 7156 2b803c4 7154->7156 7155 2b805bf 7156->7155 7158 2b81500 7156->7158 7159 2b81534 7158->7159 7160 2b81551 7159->7160 7163 117bef2 7159->7163 7167 117bed0 7159->7167 7160->7155 7164 117bf27 NtSetInformationProcess 7163->7164 7165 117bf52 7163->7165 7166 117bf3c 7164->7166 7165->7164 7166->7160 7170 117bef2 NtSetInformationProcess 7167->7170 7169 117bf3c 7169->7160 7170->7169 7171 117a392 7172 117a3c7 RegQueryValueExW 7171->7172 7174 117a41b 7172->7174 7239 117ab52 7241 117ab8a RegOpenKeyExW 7239->7241 7242 117abe0 7241->7242 7243 117b152 7244 117b18a CreateFileW 7243->7244 7246 117b1d9 7244->7246 7247 2bb00fe 7250 2bb012a K32EnumProcesses 7247->7250 7249 2bb0146 7250->7249 7175 2bb2eb6 7176 2bb2eee RegCreateKeyExW 7175->7176 7178 2bb2f60 7176->7178 7179 2bb3236 7182 2bb326b GetProcessWorkingSetSize 7179->7182 7181 2bb3297 7182->7181 7183 117a09a 7184 117a107 7183->7184 7185 117a0cf send 7183->7185 7184->7185 7186 117a0dd 7185->7186 7254 2bb17f6 7255 2bb182e MapViewOfFile 7254->7255 7257 2bb187d 7255->7257 7258 117ac5a 7259 117ac83 SetFileAttributesW 7258->7259 7261 117ac9f 7259->7261 7187 117aa06 7188 117aa35 WaitForInputIdle 7187->7188 7189 117aa6b 7187->7189 7190 117aa43 7188->7190 7189->7188 7191 2bb212a 7192 2bb2159 CoGetObjectContext 7191->7192 7193 2bb2182 7191->7193 7194 2bb216e 7192->7194 7193->7192 7195 117a486 7196 117a4bb RegSetValueExW 7195->7196 7198 117a507 7196->7198 7262 117a646 7264 117a67e CreateMutexW 7262->7264 7265 117a6c1 7264->7265 7266 2bb1c6a 7267 2bb1c9f GetProcessTimes 7266->7267 7269 2bb1cd1 7267->7269 7270 117a74e 7271 117a77a CloseHandle 7270->7271 7272 117a7b9 7270->7272 7273 117a788 7271->7273 7272->7271 7274 2bb3162 7275 2bb318b select 7274->7275 7277 2bb31c0 7275->7277 7199 117b08a 7201 117b0b3 CopyFileW 7199->7201 7202 117b0da 7201->7202 7203 2bb1a9a 7205 2bb1acf shutdown 7203->7205 7206 2bb1af8 7205->7206 7207 2bb121a 7209 2bb1252 WSASocketW 7207->7209 7210 2bb128e 7209->7210 7211 2bb331a 7212 2bb334f SetProcessWorkingSetSize 7211->7212 7214 2bb337b 7212->7214 7278 2bb07da 7279 2bb0818 DuplicateHandle 7278->7279 7280 2bb0850 7278->7280 7281 2bb0826 7279->7281 7280->7279 7286 117a172 EnumWindows 7287 117a1c4 7286->7287 7292 2b81950 7293 2b8159a 7292->7293 7298 2b81a3a 7293->7298 7307 2b81999 7293->7307 7316 2b81a09 7293->7316 7325 2b81a27 7293->7325 7299 2b81a41 7298->7299 7334 2b80310 7299->7334 7301 2b81af5 7302 2b80310 2 API calls 7301->7302 7303 2b81b5e 7302->7303 7304 2b81b84 7303->7304 7339 2b82940 7303->7339 7343 2b82931 7303->7343 7308 2b819d3 7307->7308 7309 2b80310 2 API calls 7308->7309 7310 2b81af5 7309->7310 7311 2b80310 2 API calls 7310->7311 7312 2b81b5e 7311->7312 7313 2b81b84 7312->7313 7314 2b82940 2 API calls 7312->7314 7315 2b82931 2 API calls 7312->7315 7314->7313 7315->7313 7317 2b81a10 7316->7317 7318 2b80310 2 API calls 7317->7318 7319 2b81af5 7318->7319 7320 2b80310 2 API calls 7319->7320 7321 2b81b5e 7320->7321 7322 2b81b84 7321->7322 7323 2b82940 2 API calls 7321->7323 7324 2b82931 2 API calls 7321->7324 7323->7322 7324->7322 7326 2b81a2e 7325->7326 7327 2b80310 2 API calls 7326->7327 7328 2b81af5 7327->7328 7329 2b80310 2 API calls 7328->7329 7330 2b81b5e 7329->7330 7331 2b81b84 7330->7331 7332 2b82940 2 API calls 7330->7332 7333 2b82931 2 API calls 7330->7333 7332->7331 7333->7331 7337 2b80322 7334->7337 7335 2b80348 7335->7301 7336 2b805bf 7336->7301 7337->7335 7337->7336 7338 2b81500 2 API calls 7337->7338 7338->7336 7340 2b8296b 7339->7340 7341 2b829b3 7340->7341 7347 2b82f58 7340->7347 7341->7304 7344 2b82940 7343->7344 7345 2b829b3 7344->7345 7346 2b82f58 2 API calls 7344->7346 7345->7304 7346->7345 7348 2b82f8d 7347->7348 7352 2bb1ec6 7348->7352 7356 2bb1f36 7348->7356 7349 2b82fc8 7349->7341 7353 2bb1f36 GetVolumeInformationA 7352->7353 7355 2bb1f8e 7353->7355 7355->7349 7357 2bb1f86 GetVolumeInformationA 7356->7357 7358 2bb1f8e 7357->7358 7358->7349 7359 117a2fe 7360 117a32a SetErrorMode 7359->7360 7362 117a353 7359->7362 7361 117a33f 7360->7361 7362->7360 7215 117ba22 7217 117ba4b LookupPrivilegeValueW 7215->7217 7218 117ba72 7217->7218 7219 117bba2 7220 117bbd1 AdjustTokenPrivileges 7219->7220 7222 117bbf3 7220->7222 7363 2bb21c2 7364 2bb21fd LoadLibraryA 7363->7364 7366 2bb223a 7364->7366 7367 2bb01c2 7368 2bb0222 7367->7368 7369 2bb01f7 NtQuerySystemInformation 7367->7369 7368->7369 7370 2bb020c 7369->7370 7227 117af2a 7228 117af56 FindClose 7227->7228 7230 117af88 7227->7230 7229 117af6b 7228->7229 7230->7228 7231 2bb3086 7234 2bb30bb ioctlsocket 7231->7234 7233 2bb30e7 7234->7233 7235 117b32a 7237 117b35f ReadFile 7235->7237 7238 117b391 7237->7238 7371 117b26a 7373 117b29f GetFileType 7371->7373 7374 117b2cc 7373->7374 7375 2bb1646 7377 2bb167e ConvertStringSecurityDescriptorToSecurityDescriptorW 7375->7377 7378 2bb16bf 7377->7378
                                      APIs
                                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0117BBEB
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: AdjustPrivilegesToken
                                      • String ID:
                                      • API String ID: 2874748243-0
                                      • Opcode ID: d6e3b2b4d97a1553e3164b723c7ceb72fb57a8fba05efe9c7251b00a8572dad8
                                      • Instruction ID: 1c2d55b1fb136ced6830eccc76903c54f228558bd651f5de5d106fec7e9c71bb
                                      • Opcode Fuzzy Hash: d6e3b2b4d97a1553e3164b723c7ceb72fb57a8fba05efe9c7251b00a8572dad8
                                      • Instruction Fuzzy Hash: 9121D3755097809FDB238F25DC40B52BFB4EF06310F0984DAE9848B263D3319808DB62
                                      APIs
                                      • NtQuerySystemInformation.NTDLL ref: 02BB01FD
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: InformationQuerySystem
                                      • String ID:
                                      • API String ID: 3562636166-0
                                      • Opcode ID: 0f8e8e1e49ee6200f173246ddaa33bbd5ca3097a2c31a6793d1fc27474a1c065
                                      • Instruction ID: e1ce35a274657254d895c6bbad8716055b8ad93d1cb7666d2ab62b8d51e66c18
                                      • Opcode Fuzzy Hash: 0f8e8e1e49ee6200f173246ddaa33bbd5ca3097a2c31a6793d1fc27474a1c065
                                      • Instruction Fuzzy Hash: 1021AE754097C0AFDB238B20DC45A62FFB0EF07324F0984CBE9844B163E265A90DDB62
                                      APIs
                                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 0117BBEB
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: AdjustPrivilegesToken
                                      • String ID:
                                      • API String ID: 2874748243-0
                                      • Opcode ID: 1869f0ec9e60f7ea8bce79c0b5e16c0fadbcb9a638f0e782328190da119fa186
                                      • Instruction ID: 993ee009f931a12c060ca0108bdb1fe6a31f98c8eb3f12004e8034786a2c2a15
                                      • Opcode Fuzzy Hash: 1869f0ec9e60f7ea8bce79c0b5e16c0fadbcb9a638f0e782328190da119fa186
                                      • Instruction Fuzzy Hash: AA119E755042009FEB24CF15D884B62FBF4EF04220F08C8AADD498B722E331E418DB72
                                      APIs
                                      • NtSetInformationProcess.NTDLL ref: 0117BF2D
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: InformationProcess
                                      • String ID:
                                      • API String ID: 1801817001-0
                                      • Opcode ID: 336ef73abcd309f2472040cd34f69ac33241442993eb2a7bd1fcf582bdc4a502
                                      • Instruction ID: 56c2e388c1fbbc0a6daf0f781b77e99a17920e2e677e66f93d83edbb81a130e8
                                      • Opcode Fuzzy Hash: 336ef73abcd309f2472040cd34f69ac33241442993eb2a7bd1fcf582bdc4a502
                                      • Instruction Fuzzy Hash: 9911A071408780AFDB228F15DC44E52FFB4EF06720F09C49AED884B663D376A818CB62
                                      APIs
                                      • NtSetInformationProcess.NTDLL ref: 0117BF2D
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: InformationProcess
                                      • String ID:
                                      • API String ID: 1801817001-0
                                      • Opcode ID: e9656b0324219b6c53956e0e9a713f0015c7381062e6ba66de14eea0dd78dbcf
                                      • Instruction ID: 1a7b19aba20ff3a12151038129886748b1850865c58535bc268517ee3e5d1fed
                                      • Opcode Fuzzy Hash: e9656b0324219b6c53956e0e9a713f0015c7381062e6ba66de14eea0dd78dbcf
                                      • Instruction Fuzzy Hash: 240178358046009FEB258F05D884B62FBB0EF08B21F08C59ADD494B722D376E418CF62
                                      APIs
                                      • NtQuerySystemInformation.NTDLL ref: 02BB01FD
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: InformationQuerySystem
                                      • String ID:
                                      • API String ID: 3562636166-0
                                      • Opcode ID: 0db6ca0a4ee7897eefd4832e336401769956bc38ba340c5b4ee5c4290c32d4ca
                                      • Instruction ID: 7607f11b74bb107dd05c29f40c7e4632967bcfa37faf85a4c7ffde98f071f1cf
                                      • Opcode Fuzzy Hash: 0db6ca0a4ee7897eefd4832e336401769956bc38ba340c5b4ee5c4290c32d4ca
                                      • Instruction Fuzzy Hash: 5D017C358006009FEB219F45E844B72FBA0EF08620F08C59ADD890A712D3B5A45CCB72

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 2b81999-2b819f0 3 2b81a1a-2b81b77 call 2b80310 * 2 0->3 4 2b819f2-2b819f8 0->4 111 2b81b7e call 2b82d48 3->111 112 2b81b7e call 2bd05df 3->112 113 2b81b7e call 2b82b4b 3->113 114 2b81b7e call 2b82c2d 3->114 115 2b81b7e call 2b82940 3->115 116 2b81b7e call 2b82931 3->116 117 2b81b7e call 2bd0606 3->117 118 2b81b7e call 2b82a95 3->118 119 2b81b7e call 2b82a45 3->119 120 2b81b7e call 2b82ad7 3->120 5 2b819ff-2b81a07 4->5 5->3 34 2b81b84-2b81bb5 call 2b831b8 call 2b813b8 40 2b81bda-2b81c17 call 2b813b8 34->40 41 2b81bb7-2b81bd8 34->41 47 2b81c1a-2b81cf2 40->47 41->47 64 2b81cfb 47->64 65 2b81cf4-2b81cf9 47->65 66 2b81d00-2b81d28 64->66 65->66 69 2b81d2a-2b81d2f 66->69 70 2b81d31 66->70 71 2b81d36-2b81d5e 69->71 70->71 74 2b81d60-2b81d65 71->74 75 2b81d67 71->75 76 2b81d6c-2b81d94 74->76 75->76 79 2b81d9d 76->79 80 2b81d96-2b81d9b 76->80 81 2b81da2-2b81dca 79->81 80->81 84 2b81dcc-2b81dd1 81->84 85 2b81dd3 81->85 86 2b81dd8-2b81e00 84->86 85->86 89 2b81e09 86->89 90 2b81e02-2b81e07 86->90 91 2b81e0e-2b81e36 89->91 90->91 94 2b81e38-2b81e3d 91->94 95 2b81e3f 91->95 96 2b81e44-2b81e6c 94->96 95->96 99 2b81e6e-2b81e73 96->99 100 2b81e75 96->100 101 2b81e7a-2b81eb2 call 2b831b8 99->101 100->101 106 2b81eb8-2b81f02 101->106 110 2b81f03 106->110 110->110 111->34 112->34 113->34 114->34 115->34 116->34 117->34 118->34 119->34 120->34
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l$:@=l$\Odl
                                      • API String ID: 0-752882973
                                      • Opcode ID: 0fd7375606cc8051aa0823bb29d35a3a4f99411d4bbd717579f500bf635ea600
                                      • Instruction ID: b1ac068cac3b7bc84b0edf5fa12f8d4a4a4b45ba41c8cc71fbe12d3ea794c734
                                      • Opcode Fuzzy Hash: 0fd7375606cc8051aa0823bb29d35a3a4f99411d4bbd717579f500bf635ea600
                                      • Instruction Fuzzy Hash: 62C16C317102508BEB19AB78F8587BD37E7EB88308F10806AD41A97791DF798D96CB71

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 123 2b81a09-2b81b77 call 2b80310 * 2 232 2b81b7e call 2b82d48 123->232 233 2b81b7e call 2bd05df 123->233 234 2b81b7e call 2b82b4b 123->234 235 2b81b7e call 2b82c2d 123->235 236 2b81b7e call 2b82940 123->236 237 2b81b7e call 2b82931 123->237 238 2b81b7e call 2bd0606 123->238 239 2b81b7e call 2b82a95 123->239 240 2b81b7e call 2b82a45 123->240 241 2b81b7e call 2b82ad7 123->241 155 2b81b84-2b81bb5 call 2b831b8 call 2b813b8 161 2b81bda-2b81c17 call 2b813b8 155->161 162 2b81bb7-2b81bd8 155->162 168 2b81c1a-2b81cf2 161->168 162->168 185 2b81cfb 168->185 186 2b81cf4-2b81cf9 168->186 187 2b81d00-2b81d28 185->187 186->187 190 2b81d2a-2b81d2f 187->190 191 2b81d31 187->191 192 2b81d36-2b81d5e 190->192 191->192 195 2b81d60-2b81d65 192->195 196 2b81d67 192->196 197 2b81d6c-2b81d94 195->197 196->197 200 2b81d9d 197->200 201 2b81d96-2b81d9b 197->201 202 2b81da2-2b81dca 200->202 201->202 205 2b81dcc-2b81dd1 202->205 206 2b81dd3 202->206 207 2b81dd8-2b81e00 205->207 206->207 210 2b81e09 207->210 211 2b81e02-2b81e07 207->211 212 2b81e0e-2b81e36 210->212 211->212 215 2b81e38-2b81e3d 212->215 216 2b81e3f 212->216 217 2b81e44-2b81e6c 215->217 216->217 220 2b81e6e-2b81e73 217->220 221 2b81e75 217->221 222 2b81e7a-2b81eb2 call 2b831b8 220->222 221->222 227 2b81eb8-2b81f02 222->227 231 2b81f03 227->231 231->231 232->155 233->155 234->155 235->155 236->155 237->155 238->155 239->155 240->155 241->155
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l$:@=l$\Odl
                                      • API String ID: 0-752882973
                                      • Opcode ID: 536751d964ace676779d58fdfb13c9b32201fbec500fe1b579875bc1abe38f50
                                      • Instruction ID: 43be9fa721724a9ac8cff66907bcfc38c9ba4334bb718f32b51df9523290dd20
                                      • Opcode Fuzzy Hash: 536751d964ace676779d58fdfb13c9b32201fbec500fe1b579875bc1abe38f50
                                      • Instruction Fuzzy Hash: 0AA152313102508BEB19AB78F4597BD37E7EB88708F14806AD40A97B95CF798D8AC771

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 244 2b81a27-2b81b77 call 2b80310 * 2 352 2b81b7e call 2b82d48 244->352 353 2b81b7e call 2bd05df 244->353 354 2b81b7e call 2b82b4b 244->354 355 2b81b7e call 2b82c2d 244->355 356 2b81b7e call 2b82940 244->356 357 2b81b7e call 2b82931 244->357 358 2b81b7e call 2bd0606 244->358 359 2b81b7e call 2b82a95 244->359 360 2b81b7e call 2b82a45 244->360 361 2b81b7e call 2b82ad7 244->361 275 2b81b84-2b81bb5 call 2b831b8 call 2b813b8 281 2b81bda-2b81c17 call 2b813b8 275->281 282 2b81bb7-2b81bd8 275->282 288 2b81c1a-2b81cf2 281->288 282->288 305 2b81cfb 288->305 306 2b81cf4-2b81cf9 288->306 307 2b81d00-2b81d28 305->307 306->307 310 2b81d2a-2b81d2f 307->310 311 2b81d31 307->311 312 2b81d36-2b81d5e 310->312 311->312 315 2b81d60-2b81d65 312->315 316 2b81d67 312->316 317 2b81d6c-2b81d94 315->317 316->317 320 2b81d9d 317->320 321 2b81d96-2b81d9b 317->321 322 2b81da2-2b81dca 320->322 321->322 325 2b81dcc-2b81dd1 322->325 326 2b81dd3 322->326 327 2b81dd8-2b81e00 325->327 326->327 330 2b81e09 327->330 331 2b81e02-2b81e07 327->331 332 2b81e0e-2b81e36 330->332 331->332 335 2b81e38-2b81e3d 332->335 336 2b81e3f 332->336 337 2b81e44-2b81e6c 335->337 336->337 340 2b81e6e-2b81e73 337->340 341 2b81e75 337->341 342 2b81e7a-2b81eb2 call 2b831b8 340->342 341->342 347 2b81eb8-2b81f02 342->347 351 2b81f03 347->351 351->351 352->275 353->275 354->275 355->275 356->275 357->275 358->275 359->275 360->275 361->275
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l$:@=l$\Odl
                                      • API String ID: 0-752882973
                                      • Opcode ID: 7b74a8137a1268acd063da39cf835396d1d43e7aba6b9317efa675275f059175
                                      • Instruction ID: 36d2853e52be9cdc8ffa3e18e6dd55a27c09c02bfaeb9399137d2abc8c445949
                                      • Opcode Fuzzy Hash: 7b74a8137a1268acd063da39cf835396d1d43e7aba6b9317efa675275f059175
                                      • Instruction Fuzzy Hash: F8A174313102508BEB19AB78F4597BD33E7EB88708F14806AD40A97B95CF798D8AC771

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 364 2b81a3a-2b81b77 call 2b80310 * 2 471 2b81b7e call 2b82d48 364->471 472 2b81b7e call 2bd05df 364->472 473 2b81b7e call 2b82b4b 364->473 474 2b81b7e call 2b82c2d 364->474 475 2b81b7e call 2b82940 364->475 476 2b81b7e call 2b82931 364->476 477 2b81b7e call 2bd0606 364->477 478 2b81b7e call 2b82a95 364->478 479 2b81b7e call 2b82a45 364->479 480 2b81b7e call 2b82ad7 364->480 394 2b81b84-2b81bb5 call 2b831b8 call 2b813b8 400 2b81bda-2b81c17 call 2b813b8 394->400 401 2b81bb7-2b81bd8 394->401 407 2b81c1a-2b81cf2 400->407 401->407 424 2b81cfb 407->424 425 2b81cf4-2b81cf9 407->425 426 2b81d00-2b81d28 424->426 425->426 429 2b81d2a-2b81d2f 426->429 430 2b81d31 426->430 431 2b81d36-2b81d5e 429->431 430->431 434 2b81d60-2b81d65 431->434 435 2b81d67 431->435 436 2b81d6c-2b81d94 434->436 435->436 439 2b81d9d 436->439 440 2b81d96-2b81d9b 436->440 441 2b81da2-2b81dca 439->441 440->441 444 2b81dcc-2b81dd1 441->444 445 2b81dd3 441->445 446 2b81dd8-2b81e00 444->446 445->446 449 2b81e09 446->449 450 2b81e02-2b81e07 446->450 451 2b81e0e-2b81e36 449->451 450->451 454 2b81e38-2b81e3d 451->454 455 2b81e3f 451->455 456 2b81e44-2b81e6c 454->456 455->456 459 2b81e6e-2b81e73 456->459 460 2b81e75 456->460 461 2b81e7a-2b81eb2 call 2b831b8 459->461 460->461 466 2b81eb8-2b81f02 461->466 470 2b81f03 466->470 470->470 471->394 472->394 473->394 474->394 475->394 476->394 477->394 478->394 479->394 480->394
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l$:@=l$\Odl
                                      • API String ID: 0-752882973
                                      • Opcode ID: db99fa5ded6a220302b0ad7d841e3941a0ba104084b8d77fff4153f83066c48d
                                      • Instruction ID: a61bafccf9e3199d879dde80dfd660868bd094bcf1626d9bc474c1963e7702f7
                                      • Opcode Fuzzy Hash: db99fa5ded6a220302b0ad7d841e3941a0ba104084b8d77fff4153f83066c48d
                                      • Instruction Fuzzy Hash: FBA164313102508BEB19AB78F4597BD37E7EB88708F14806AD40997B95CF798D8AC771

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 483 2b80310-2b80334 485 2b8033e-2b80346 483->485 486 2b80336-2b80338 483->486 487 2b80348-2b8034d 485->487 488 2b8034e-2b80391 485->488 486->485 491 2b803d8-2b80418 488->491 492 2b80393-2b803ce 488->492 499 2b8041a 491->499 500 2b8041f 491->500 492->491 499->500 541 2b8041f call 2b80ba8 500->541 542 2b8041f call 2b80d98 500->542 543 2b8041f call 2b80938 500->543 544 2b8041f call 2bd05df 500->544 545 2b8041f call 2b80c8d 500->545 546 2b8041f call 2b80d40 500->546 547 2b8041f call 2b80c22 500->547 548 2b8041f call 2b80b03 500->548 549 2b8041f call 2bd0606 500->549 550 2b8041f call 2b80e55 500->550 551 2b8041f call 2b80f05 500->551 501 2b80425-2b80434 502 2b8046b-2b80523 501->502 503 2b80436-2b80460 501->503 522 2b80570-2b80587 502->522 523 2b80525-2b80531 502->523 503->502 524 2b8058d-2b805b4 522->524 525 2b80880 522->525 536 2b80533 call 2bd05df 523->536 537 2b80533 call 2bd0606 523->537 538 2b805b9 call 2bd05df 524->538 539 2b805b9 call 2b81500 524->539 540 2b805b9 call 2bd0606 524->540 528 2b80539-2b80569 528->522 533 2b805bf 533->525 536->528 537->528 538->533 539->533 540->533 541->501 542->501 543->501 544->501 545->501 546->501 547->501 548->501 549->501 550->501 551->501
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2dl$2dl$2dl
                                      • API String ID: 0-339448731
                                      • Opcode ID: 1037ce991148088203a26eb871fe612071dab582aee7797f19c8fc576ff8add4
                                      • Instruction ID: bdff9e1b0c9fdc9bbad1bda9ba845c426f859c7884c74acb8162d10f52f2bbc4
                                      • Opcode Fuzzy Hash: 1037ce991148088203a26eb871fe612071dab582aee7797f19c8fc576ff8add4
                                      • Instruction Fuzzy Hash: D05128307002008BD719BB39A8542BD77E7EBC5248B18847AE405DB7D5DF3ACC8AC7A1

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 552 2b803bd-2b80418 560 2b8041a 552->560 561 2b8041f 552->561 560->561 597 2b8041f call 2b80ba8 561->597 598 2b8041f call 2b80d98 561->598 599 2b8041f call 2b80938 561->599 600 2b8041f call 2bd05df 561->600 601 2b8041f call 2b80c8d 561->601 602 2b8041f call 2b80d40 561->602 603 2b8041f call 2b80c22 561->603 604 2b8041f call 2b80b03 561->604 605 2b8041f call 2bd0606 561->605 606 2b8041f call 2b80e55 561->606 607 2b8041f call 2b80f05 561->607 562 2b80425-2b80434 563 2b8046b-2b80523 562->563 564 2b80436-2b80460 562->564 583 2b80570-2b80587 563->583 584 2b80525-2b80531 563->584 564->563 585 2b8058d-2b805b4 583->585 586 2b80880 583->586 608 2b80533 call 2bd05df 584->608 609 2b80533 call 2bd0606 584->609 610 2b805b9 call 2bd05df 585->610 611 2b805b9 call 2b81500 585->611 612 2b805b9 call 2bd0606 585->612 589 2b80539-2b80569 589->583 594 2b805bf 594->586 597->562 598->562 599->562 600->562 601->562 602->562 603->562 604->562 605->562 606->562 607->562 608->589 609->589 610->594 611->594 612->594
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2dl$2dl$2dl
                                      • API String ID: 0-339448731
                                      • Opcode ID: 751656aa9c8b14e78a8531611cfa80370175b23a2133c7c5720cdaf19fabec4f
                                      • Instruction ID: 6e965829dbaf14da280d7483f4106260c1d43ea4b8cc78942bc0a5e1e7500521
                                      • Opcode Fuzzy Hash: 751656aa9c8b14e78a8531611cfa80370175b23a2133c7c5720cdaf19fabec4f
                                      • Instruction Fuzzy Hash: D141E5307002118BDB1DBB7994142FD32D7AFC5248B58806AE406DBBD5DF7ACD4A8BB6

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 613 2b80938-2b80993 615 2b80999-2b80a22 613->615 616 2b80a2e-2b80a30 613->616 768 2b80a24 call 2bd05df 615->768 769 2b80a24 call 2bd0606 615->769 617 2b80a37-2b80a3c 616->617 619 2b80b1e-2b80bc2 617->619 620 2b80a42-2b80a7a 617->620 656 2b80bc8-2b80c50 619->656 657 2b80c9e-2b80ca7 619->657 636 2b80a7c-2b80a9a 620->636 637 2b80aa1-2b80b01 620->637 636->637 637->619 692 2b80c57-2b80c8b 656->692 659 2b80cad-2b80d3e 657->659 660 2b80d51-2b80d5a 657->660 658 2b80a2a-2b80a2c 658->616 662 2b80a32 658->662 659->660 663 2b80d7a-2b80d83 660->663 664 2b80d5c-2b80d73 660->664 662->617 667 2b80da9-2b80db2 663->667 668 2b80d85-2b80d8c 663->668 664->663 670 2b80db8-2b80dd6 667->670 671 2b80f33-2b80f3a 667->671 679 2b80d96 668->679 766 2b80dd8 call 2bd05df 670->766 767 2b80dd8 call 2bd0606 670->767 677 2b80dde-2b80e06 694 2b80f1c-2b80f2d 677->694 679->667 692->657 694->671 695 2b80e0b-2b80e14 694->695 698 2b80e1a-2b80efb 695->698 699 2b80f40-2b80fd1 695->699 743 2b80f03-2b80f1a 698->743 729 2b810ca 699->729 730 2b80fd7-2b80fe8 699->730 731 2b810cc-2b810d3 729->731 737 2b80fea-2b8100b 730->737 744 2b8100d 737->744 745 2b81012-2b81048 737->745 743->694 747 2b80f3b 743->747 744->745 753 2b8104a 745->753 754 2b8104f-2b81077 745->754 747->699 753->754 758 2b81079-2b8107b 754->758 759 2b8107d-2b810a1 754->759 758->731 762 2b810aa-2b810b4 759->762 763 2b810a3-2b810a8 759->763 764 2b810ba-2b810c4 762->764 765 2b810b6-2b810b8 762->765 763->731 764->729 764->737 765->731 766->677 767->677 768->658 769->658
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l$\Odl
                                      • API String ID: 0-1237378895
                                      • Opcode ID: 61ad2ad3342c991e7dbb31b78bc83147bb7d776e89f8eb48d563bf96d1b9cb0d
                                      • Instruction ID: af2119d99425f2d2532c2ec5d536f612da14d758f95f8994edf79d3c1e604ae1
                                      • Opcode Fuzzy Hash: 61ad2ad3342c991e7dbb31b78bc83147bb7d776e89f8eb48d563bf96d1b9cb0d
                                      • Instruction Fuzzy Hash: B3027130705210CFCB19EB78E8586AD77E2EF89348B104479D40ADB7A5DF7A9C8ACB51

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 770 2b81f3f-2b81f4a 772 2b81f4c-2b81f56 770->772 962 2b81f56 call 117af96 772->962 963 2b81f56 call 117afee 772->963 774 2b81f5b-2b81f67 775 2b81f6d-2b81f75 774->775 776 2b823b6 774->776 966 2b81f77 call 2bd05df 775->966 967 2b81f77 call 2bd0606 775->967 776->772 777 2b81f7c-2b81f88 777->776 778 2b81f8e-2b81fa1 777->778 780 2b81fab-2b81fba 778->780 781 2b81fa3-2b81fa9 778->781 785 2b823bb 780->785 786 2b81fc0-2b81fca 780->786 782 2b8200c-2b8203a 781->782 800 2b8203c 782->800 801 2b82041-2b8208f 782->801 791 2b823c0-2b823c8 785->791 787 2b81fcc-2b81fce 786->787 788 2b81fd0 786->788 790 2b81fd3-2b81ff9 787->790 788->790 802 2b81ffb-2b82001 790->802 803 2b82003-2b8200a 790->803 795 2b823ca-2b823e1 791->795 796 2b823e3-2b8242c 791->796 795->796 811 2b8242e-2b82432 796->811 812 2b82442-2b82448 796->812 800->801 831 2b82091 801->831 832 2b82096-2b820e7 801->832 802->782 803->782 814 2b8243b 811->814 815 2b82434-2b82439 811->815 816 2b8244a-2b8244d 812->816 817 2b82453 812->817 814->812 815->812 816->817 818 2b8244f-2b82451 816->818 819 2b82458-2b8245d 817->819 818->819 820 2b8245f-2b8248c 819->820 821 2b82491-2b82497 819->821 834 2b8267d-2b82686 820->834 823 2b8251c 821->823 824 2b8249d-2b824a3 821->824 828 2b82521-2b82526 823->828 824->823 827 2b824a5-2b824ab 824->827 827->823 833 2b824ad-2b824b0 827->833 829 2b82528-2b8252e 828->829 830 2b82533-2b8253e 828->830 829->834 835 2b8254b-2b8254e 830->835 836 2b82540-2b82546 830->836 831->832 878 2b820e9 832->878 879 2b820ee-2b820f9 832->879 833->823 838 2b824b2-2b824b8 833->838 839 2b82559 835->839 840 2b82550-2b82553 835->840 836->834 838->823 842 2b824ba-2b824bd 838->842 845 2b8255e-2b82563 839->845 840->839 843 2b82555-2b82557 840->843 842->823 846 2b824bf-2b824c5 842->846 843->845 847 2b82593-2b8259e 845->847 848 2b82565-2b8257b 845->848 846->823 850 2b824c7-2b824cd 846->850 851 2b825ab-2b825af 847->851 852 2b825a0-2b825a6 847->852 862 2b82588-2b8258e 848->862 863 2b8257d-2b82583 848->863 850->823 853 2b824cf-2b824d5 850->853 854 2b825b1-2b825b7 851->854 855 2b825f2-2b825f8 851->855 852->834 853->823 856 2b824d7-2b824da 853->856 859 2b825b9-2b825ed 854->859 860 2b82606-2b8261f 854->860 855->860 864 2b825fa 855->864 856->823 861 2b824dc-2b824df 856->861 859->834 883 2b82650-2b82678 860->883 884 2b82621-2b8264e 860->884 861->823 866 2b824e1-2b824e4 861->866 862->834 863->834 964 2b825fc call 2b82698 864->964 965 2b825fc call 2b82688 864->965 866->823 869 2b824e6-2b824e9 866->869 869->823 872 2b824eb-2b824ee 869->872 870 2b82602-2b82604 870->834 872->823 875 2b824f0-2b824f3 872->875 875->823 877 2b824f5-2b824f8 875->877 877->823 882 2b824fa-2b824fd 877->882 878->879 892 2b82100-2b82134 879->892 882->823 885 2b824ff-2b82502 882->885 883->834 884->834 885->823 888 2b82504-2b82507 885->888 888->823 891 2b82509-2b8250c 888->891 891->823 894 2b8250e-2b82511 891->894 907 2b8213b-2b8216b 892->907 908 2b82136 892->908 894->823 897 2b82513-2b82516 894->897 897->823 899 2b82518-2b8251a 897->899 899->828 907->776 914 2b82171-2b821a1 907->914 908->907 918 2b82330-2b8233e 914->918 919 2b82344-2b82366 918->919 920 2b821a6-2b821ac 918->920 919->776 922 2b82368-2b8236c 919->922 920->791 921 2b821b2-2b821e1 920->921 921->785 931 2b821e7-2b82210 921->931 923 2b8236e 922->923 924 2b82373-2b8237a 922->924 923->924 924->791 925 2b8237c-2b8238a 924->925 929 2b8238c 925->929 930 2b82391-2b82398 925->930 929->930 930->791 932 2b8239a-2b823ac 930->932 936 2b82212 931->936 937 2b82217-2b82242 931->937 932->776 936->937 941 2b8227a-2b82295 937->941 942 2b82244-2b8224d 937->942 948 2b8229c-2b822e3 941->948 949 2b82297 941->949 943 2b8225b-2b8226a 942->943 944 2b8224f-2b82253 942->944 943->791 945 2b82270-2b82277 943->945 944->943 945->941 955 2b822ea-2b8231b 948->955 956 2b822e5 948->956 949->948 960 2b8231d-2b82321 955->960 961 2b82327-2b8232a 955->961 956->955 960->785 960->961 961->785 961->918 962->774 963->774 964->870 965->870 966->777 967->777
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: L.dl
                                      • API String ID: 0-2277560483
                                      • Opcode ID: d1f27e4fc2c0d6fc27d11e56a51ec7d7e2c652506ae02b4b8624dcc4b161467d
                                      • Instruction ID: f578ea132e85dd34c037ea8768720493e7741826b9d557ad2de489862635bc2e
                                      • Opcode Fuzzy Hash: d1f27e4fc2c0d6fc27d11e56a51ec7d7e2c652506ae02b4b8624dcc4b161467d
                                      • Instruction Fuzzy Hash: 94129231B00251CFDB28BB78D5647AD72E2EF84209F1484B9CC59A7791DB39CC86CBA1

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 968 2bb2e8a-2bb2f0e 972 2bb2f13-2bb2f1f 968->972 973 2bb2f10 968->973 974 2bb2f21 972->974 975 2bb2f24-2bb2f2d 972->975 973->972 974->975 976 2bb2f2f 975->976 977 2bb2f32-2bb2f49 975->977 976->977 979 2bb2f8b-2bb2f90 977->979 980 2bb2f4b-2bb2f5e RegCreateKeyExW 977->980 979->980 981 2bb2f92-2bb2f97 980->981 982 2bb2f60-2bb2f88 980->982 981->982
                                      APIs
                                      • RegCreateKeyExW.KERNEL32(?,00000E5C), ref: 02BB2F51
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: 20de926dfcf07cfedfec0a6623a255b1e2f271717404376d93f6e3d442696f50
                                      • Instruction ID: 29ca51a03bf396b8eaab7f7338d25ab76a44a03a01ac4a015909f28daabf7b24
                                      • Opcode Fuzzy Hash: 20de926dfcf07cfedfec0a6623a255b1e2f271717404376d93f6e3d442696f50
                                      • Instruction Fuzzy Hash: 58316F72504744AFE7228B65CC44FA7BBFCEF09314F08859AE9458B562D364E908CB61

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 987 2bb1107-2bb1127 988 2bb1149-2bb117b 987->988 989 2bb1129-2bb1148 987->989 993 2bb117e-2bb11d6 RegQueryValueExW 988->993 989->988 995 2bb11dc-2bb11f2 993->995
                                      APIs
                                      • RegQueryValueExW.KERNEL32(?,00000E5C,?,?), ref: 02BB11CE
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: c52fa449515ff8557f42b1700a1535a79b85d904387e9c9ffd706bccacb53eea
                                      • Instruction ID: 9096e9cb22b8619298ecb065c4e4f38b5ac853203f3bbde0f4a3f3e7a79d5274
                                      • Opcode Fuzzy Hash: c52fa449515ff8557f42b1700a1535a79b85d904387e9c9ffd706bccacb53eea
                                      • Instruction Fuzzy Hash: D7319C2510E3C0AFD3138B258C65A61BF74EF47610F0E85CBE8C48F6A3D2696809C7B2

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 996 2bb1ec6-2bb1f88 GetVolumeInformationA 999 2bb1f8e-2bb1fb7 996->999
                                      APIs
                                      • GetVolumeInformationA.KERNEL32(?,00000E5C,?,?), ref: 02BB1F86
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: InformationVolume
                                      • String ID:
                                      • API String ID: 2039140958-0
                                      • Opcode ID: e8f2e1dafeda1473e57ab962aad7e677cca0c39c47675d6720e151fdc07ca432
                                      • Instruction ID: 28ccfd4b6105e72aa76585c62b8226112019cb37339560836377a36b60c04025
                                      • Opcode Fuzzy Hash: e8f2e1dafeda1473e57ab962aad7e677cca0c39c47675d6720e151fdc07ca432
                                      • Instruction Fuzzy Hash: 21318F7150D3C16FD3138B358C65AA2BFB4AF47610F1E80CBE8C48F5A3D225A959C7A2

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1001 117ab1e-117ab84 1003 117ab8a-117ab9b 1001->1003 1004 117aba1-117abad 1003->1004 1005 117abb2-117abc9 1004->1005 1006 117abaf 1004->1006 1008 117ac0b-117ac10 1005->1008 1009 117abcb-117abde RegOpenKeyExW 1005->1009 1006->1005 1008->1009 1010 117ac12-117ac17 1009->1010 1011 117abe0-117ac08 1009->1011 1010->1011
                                      APIs
                                      • RegOpenKeyExW.KERNEL32(?,00000E5C), ref: 0117ABD1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: Open
                                      • String ID:
                                      • API String ID: 71445658-0
                                      • Opcode ID: 9b1ceeac56261ad6f22b465c2feb8785b94d0cb0037422f7aad41709a1f4a0ef
                                      • Instruction ID: bdc0df6ae3dbf7a1f0d42ce8b03676d581592efe111c38e3e24b2d7b23e4c05e
                                      • Opcode Fuzzy Hash: 9b1ceeac56261ad6f22b465c2feb8785b94d0cb0037422f7aad41709a1f4a0ef
                                      • Instruction Fuzzy Hash: 96318476408784AFE7228B65DC44FA7BFBCEF06314F09849BE9858B653D324A918C771

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1016 117a612-117a695 1020 117a697 1016->1020 1021 117a69a-117a6a3 1016->1021 1020->1021 1022 117a6a5 1021->1022 1023 117a6a8-117a6b1 1021->1023 1022->1023 1024 117a6b3-117a6d7 CreateMutexW 1023->1024 1025 117a702-117a707 1023->1025 1028 117a709-117a70e 1024->1028 1029 117a6d9-117a6ff 1024->1029 1025->1024 1028->1029
                                      APIs
                                      • CreateMutexW.KERNEL32(?,?), ref: 0117A6B9
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      • Opcode ID: ba73c09a7938653c5ddf0e1a5828cd15248bbdc1d0a6c74b783db8b3449ded39
                                      • Instruction ID: ad24ea496ab8c7ed3104a40c363b79d6422c0fe8d9c911ea3ee60a7622ac7a4e
                                      • Opcode Fuzzy Hash: ba73c09a7938653c5ddf0e1a5828cd15248bbdc1d0a6c74b783db8b3449ded39
                                      • Instruction Fuzzy Hash: 8D31A1755097806FE712CB25DC45B96FFB8EF06314F08849AE9848B293D375E909CB61

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1047 2bb1c2c-2bb1cc1 1052 2bb1d0e-2bb1d13 1047->1052 1053 2bb1cc3-2bb1ccb GetProcessTimes 1047->1053 1052->1053 1054 2bb1cd1-2bb1ce3 1053->1054 1056 2bb1d15-2bb1d1a 1054->1056 1057 2bb1ce5-2bb1d0b 1054->1057 1056->1057
                                      APIs
                                      • GetProcessTimes.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB1CC9
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ProcessTimes
                                      • String ID:
                                      • API String ID: 1995159646-0
                                      • Opcode ID: c1fded8cff76c62d5d2926cff74669b814ed2c8a1b17c26e2be19c80d0ec12b5
                                      • Instruction ID: 88beeb4e4b710fdc27a0d871b232ebecb47191b5435c0f393c2453aa5fbb9af5
                                      • Opcode Fuzzy Hash: c1fded8cff76c62d5d2926cff74669b814ed2c8a1b17c26e2be19c80d0ec12b5
                                      • Instruction Fuzzy Hash: 6331F7765083806FEB228F21DC44F96BFB8EF06314F1884DBE9458B153D325A509C771

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 1032 2bb1620-2bb16a1 1036 2bb16a3 1032->1036 1037 2bb16a6-2bb16af 1032->1037 1036->1037 1038 2bb16b1-2bb16b9 ConvertStringSecurityDescriptorToSecurityDescriptorW 1037->1038 1039 2bb1707-2bb170c 1037->1039 1041 2bb16bf-2bb16d1 1038->1041 1039->1038 1042 2bb170e-2bb1713 1041->1042 1043 2bb16d3-2bb1704 1041->1043 1042->1043
                                      APIs
                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E5C), ref: 02BB16B7
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: DescriptorSecurity$ConvertString
                                      • String ID:
                                      • API String ID: 3907675253-0
                                      • Opcode ID: 6ad2614002395898d6726ab09c3a0a39bfd57713bed83367bd53ab8351cb9843
                                      • Instruction ID: cc8be9d551c6d374ea50002cc94458b9b80d8ab29dc4d689a1ddbd283f97f5d3
                                      • Opcode Fuzzy Hash: 6ad2614002395898d6726ab09c3a0a39bfd57713bed83367bd53ab8351cb9843
                                      • Instruction Fuzzy Hash: 3D319376504344AFEB22CF65DC45FA7BBB8EF05324F08849AE944DB552D364E818CB71
                                      APIs
                                      • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0117B1D1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: 0c1f0a700f6dd42605e797b5576ff5b2a4323d0215823c854fdc47da2010aa51
                                      • Instruction ID: 63b40cadbdbf51f8db404886465c4fc8d5edb7cbb0d94c9d6fe6fddba99c758d
                                      • Opcode Fuzzy Hash: 0c1f0a700f6dd42605e797b5576ff5b2a4323d0215823c854fdc47da2010aa51
                                      • Instruction Fuzzy Hash: 74318D75508340AFEB21CF65DC85F96BBF8EF09324F08889EE9458B652D375E808CB65
                                      APIs
                                      • GetExitCodeProcess.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117BE6C
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CodeExitProcess
                                      • String ID:
                                      • API String ID: 3861947596-0
                                      • Opcode ID: ac23000bd899314e4ce8b26d3431d9e8865e7bee9b1b3bb4a58a46bf7bc50f12
                                      • Instruction ID: b6a3a50dcd5b8d3ad06005ab3cb77cff8cf6a214647f329454250901ae179b03
                                      • Opcode Fuzzy Hash: ac23000bd899314e4ce8b26d3431d9e8865e7bee9b1b3bb4a58a46bf7bc50f12
                                      • Instruction Fuzzy Hash: 6421A2765093806FE7128F25DC45B96BFB8EF46324F0984DBE944CF293D364A909C761
                                      APIs
                                      • RegCreateKeyExW.KERNEL32(?,00000E5C), ref: 02BB2F51
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: Create
                                      • String ID:
                                      • API String ID: 2289755597-0
                                      • Opcode ID: babc10d71c8a022c924eba974fe1435f2a3f5ef74f251eff7218aae4a425a2f9
                                      • Instruction ID: 85021ae29e0bafeca8f1a9162a1036546085e246e9ea9503015dbb9175c522bd
                                      • Opcode Fuzzy Hash: babc10d71c8a022c924eba974fe1435f2a3f5ef74f251eff7218aae4a425a2f9
                                      • Instruction Fuzzy Hash: 77214B72500604AFEB228E25DD85FA7BBECEF08724F04859AED49D6652E760E5088B71
                                      APIs
                                      • RegQueryValueExW.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117A40C
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: 13c75047fabd4d1ddc1ef28f6ea2f36849343cd346ce4a57f8c535525cc950ac
                                      • Instruction ID: b3d8cbe204828be502825985095a16e2f3a34d2478997eff86b9afd417a93d66
                                      • Opcode Fuzzy Hash: 13c75047fabd4d1ddc1ef28f6ea2f36849343cd346ce4a57f8c535525cc950ac
                                      • Instruction Fuzzy Hash: B3318D75509780AFE722CF15DC84F96BFB8EF06714F08849AE9858B292D364E909CB71
                                      APIs
                                      • GetProcessWorkingSetSize.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB328F
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      • String ID:
                                      • API String ID: 3584180929-0
                                      • Opcode ID: 0e772158f5dafe7ea2b7d4126f9eece26b0bab92cd7f3a39bf584a28ed56fc4d
                                      • Instruction ID: 4b29df033799385932bc8e7a4998e0f523ba084d1cd92a35ce9c1af8c2bf326d
                                      • Opcode Fuzzy Hash: 0e772158f5dafe7ea2b7d4126f9eece26b0bab92cd7f3a39bf584a28ed56fc4d
                                      • Instruction Fuzzy Hash: F621C3755093C06FEB13CB20DC54B96BFB8AF46324F0884DBE9888F153D265A809C772
                                      APIs
                                      • EnumWindows.USER32(?,00000E5C,?,?), ref: 0117A1BD
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: EnumWindows
                                      • String ID:
                                      • API String ID: 1129996299-0
                                      • Opcode ID: 90e620b328bbab32a277367fc7c0f3729137c2f8935a29197a29ae1603bcb7d7
                                      • Instruction ID: 371ce51325f0b13a1e9d9dce20dfec9e275eef3462a78bb287ae36bce837d15c
                                      • Opcode Fuzzy Hash: 90e620b328bbab32a277367fc7c0f3729137c2f8935a29197a29ae1603bcb7d7
                                      • Instruction Fuzzy Hash: 3F21B57140D3C06FD3128B258C65BA2BFB4EF47620F1A85CBD984CF593D229A919D7B2
                                      APIs
                                      • GetFileType.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117B2BD
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: FileType
                                      • String ID:
                                      • API String ID: 3081899298-0
                                      • Opcode ID: 5c54dc7e0ad7dc2e0fe8261ed5eebb65d2eb9980893b6b8f8dc13ac40c3721bd
                                      • Instruction ID: f007a98ae4b9d5e8e4163b1b4e83f65cc117dcdc2fa8539c43b222bb33e58c72
                                      • Opcode Fuzzy Hash: 5c54dc7e0ad7dc2e0fe8261ed5eebb65d2eb9980893b6b8f8dc13ac40c3721bd
                                      • Instruction Fuzzy Hash: 5F21F8754097806FE7128B259C41BA2BFBCDF07724F0984D6E9848B253D264A909C775
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: select
                                      • String ID:
                                      • API String ID: 1274211008-0
                                      • Opcode ID: f4adb6e7c648d2c4913cf4edaf40e27767a42b89bd40b14e315f5532da6a9662
                                      • Instruction ID: b995a2474269b5cbb40c795861951eb8c0bae71dda0956bfce33bebc3d6ca4a0
                                      • Opcode Fuzzy Hash: f4adb6e7c648d2c4913cf4edaf40e27767a42b89bd40b14e315f5532da6a9662
                                      • Instruction Fuzzy Hash: 8D216F755053809FDB22CF25DC44BA2BFF8EF06214F0984DAE984CB162D375A949DB61
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: 1d33bd433a04a6b08df509a7f76d3c6d1eb941f7ca30176611a9ee50ccb6c699
                                      • Instruction ID: 4b690fa74ca3a96d2474c2c2570cde5d893360977ece055111ce44c0b8f2efca
                                      • Opcode Fuzzy Hash: 1d33bd433a04a6b08df509a7f76d3c6d1eb941f7ca30176611a9ee50ccb6c699
                                      • Instruction Fuzzy Hash: CDD12A34B00214DFCB19EFB8E8586ADB7B2EB88304B10816AE916973A5DF359C95CF50
                                      APIs
                                      • RegSetValueExW.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117A4F8
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: f1b30d806c6f91c05c2964b6c94991e83af4a60402a668e93496f0c04c151468
                                      • Instruction ID: e0243874ec034d8796102817659bdd4d9f54b6efb3ccc8f24372a3e5e1a6ea8f
                                      • Opcode Fuzzy Hash: f1b30d806c6f91c05c2964b6c94991e83af4a60402a668e93496f0c04c151468
                                      • Instruction Fuzzy Hash: B721A4B65043806FEB228F15DC44F67BFB8DF46724F08849AE945CB652D364E448C771
                                      APIs
                                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 02BB1286
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: Socket
                                      • String ID:
                                      • API String ID: 38366605-0
                                      • Opcode ID: 7306bfb274d262aa6e445aa93b28cf3f5d5eb046f43472b2f67d5d677665a663
                                      • Instruction ID: 69862a93097bda003072d27d3b2ec62f741a1a183bc979e21e84076b47227e54
                                      • Opcode Fuzzy Hash: 7306bfb274d262aa6e445aa93b28cf3f5d5eb046f43472b2f67d5d677665a663
                                      • Instruction Fuzzy Hash: 9F219171405380AFE722CF55DC45F96FFB8EF09324F08889EE9858B652D375A408CB62
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: FileView
                                      • String ID:
                                      • API String ID: 3314676101-0
                                      • Opcode ID: ee3fadc3a8e7978cf7ed45703e2be320bc33f02fff5814503589591bede9044c
                                      • Instruction ID: 96d83934af14daa2f66a486ac0d0b04a00080c53b6a794a49d2b57d3a711a61f
                                      • Opcode Fuzzy Hash: ee3fadc3a8e7978cf7ed45703e2be320bc33f02fff5814503589591bede9044c
                                      • Instruction Fuzzy Hash: A7219F71405380AFEB22CF55DC44F96FBF8EF09324F08899EE9858B652D375A508CB62
                                      APIs
                                      • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0117B1D1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CreateFile
                                      • String ID:
                                      • API String ID: 823142352-0
                                      • Opcode ID: 57147f272114cf570b6af2a82a300933baf0a8ee9b6fbec5817acb2ed821deb2
                                      • Instruction ID: d9f41c3bd4d4900e9bdb6e4833d640b687042005a0bddf485f32fc705c148d6f
                                      • Opcode Fuzzy Hash: 57147f272114cf570b6af2a82a300933baf0a8ee9b6fbec5817acb2ed821deb2
                                      • Instruction Fuzzy Hash: 7E218E75504204AFEB25CF65ED85FA6FBE8EF08324F04885AE9458B752E371E408CB75
                                      APIs
                                      • K32EnumProcesses.KERNEL32(?,?,?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 02BB013E
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: EnumProcesses
                                      • String ID:
                                      • API String ID: 84517404-0
                                      • Opcode ID: b1c09cf1e9971e72b20d17fab39106020392491c4513e7272cac93234d98b40d
                                      • Instruction ID: 4a554132c4a0178cdc34213972485e7888465967dcc6216e13a7abe452f36f0e
                                      • Opcode Fuzzy Hash: b1c09cf1e9971e72b20d17fab39106020392491c4513e7272cac93234d98b40d
                                      • Instruction Fuzzy Hash: D6216B755093C09FDB138B65DC55BA2BFB4EF07220F0D88DBE984CB163D2649958CB62
                                      APIs
                                      • RegQueryValueExW.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB15CC
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: 2bf39741bd69fd3cf706ea66bb8594d47e8915b281d30dc156e1a89441f308c9
                                      • Instruction ID: f2683cee00cf3236c12e762a6f97676d50bac00a36b973cfe1b216c5208e9d87
                                      • Opcode Fuzzy Hash: 2bf39741bd69fd3cf706ea66bb8594d47e8915b281d30dc156e1a89441f308c9
                                      • Instruction Fuzzy Hash: CD21A172505780AFE722CF15CC44FA7BBB8EF49314F08849AE9858B692D364E808C771
                                      APIs
                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E5C), ref: 02BB16B7
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: DescriptorSecurity$ConvertString
                                      • String ID:
                                      • API String ID: 3907675253-0
                                      • Opcode ID: e7b32535e11624ae3fd07b4efe63b6706d3003e8193c51125956b9e4fc537bde
                                      • Instruction ID: b104ce03d2841620ee87cd52ec48f1fbc38be0d934e1524165baa510caf4dfcd
                                      • Opcode Fuzzy Hash: e7b32535e11624ae3fd07b4efe63b6706d3003e8193c51125956b9e4fc537bde
                                      • Instruction Fuzzy Hash: 7F21B076500204AFEB219F25DD45FAABBA8EF04624F0884AAE949CB641E770E408CA71
                                      APIs
                                      • ReadFile.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117B389
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: 55811c4d2cd4d1f04e1d4961ad6158ba6b0149143d70a4d98517d746a0112815
                                      • Instruction ID: 0b47bab3625f4f3e47c1bbbde51b99f8e0ad997075c3b3ed30b73723dcebb7aa
                                      • Opcode Fuzzy Hash: 55811c4d2cd4d1f04e1d4961ad6158ba6b0149143d70a4d98517d746a0112815
                                      • Instruction Fuzzy Hash: DD219075409380AFDB228F61DC44F96BFB8EF46314F09849BE9448B653D325A409CBB6
                                      APIs
                                      • RegOpenKeyExW.KERNEL32(?,00000E5C), ref: 0117ABD1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: Open
                                      • String ID:
                                      • API String ID: 71445658-0
                                      • Opcode ID: 152557716a6bbeb4bb74453f240662bea66f846bdabb9dbc9605d70c4021eb21
                                      • Instruction ID: d4c4def4d11459fafa9f3e4ef1a33ca11f7a37cefeb1eaed9c0936743970f564
                                      • Opcode Fuzzy Hash: 152557716a6bbeb4bb74453f240662bea66f846bdabb9dbc9605d70c4021eb21
                                      • Instruction Fuzzy Hash: 9021A472500304AEEB219F15DD44FABFBBCEF08724F08845AEA4587752D734E5088B71
                                      APIs
                                      • SetProcessWorkingSetSize.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB3373
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      • String ID:
                                      • API String ID: 3584180929-0
                                      • Opcode ID: ed9e1ba91c1a02dc95e38e45892ae3c13be086de7b7b196ac602ca3e1364e6e2
                                      • Instruction ID: 938e34542d7c1d93aacfc0eb9ae42e8dcb2e4428cba51f813fd60bcb112533a0
                                      • Opcode Fuzzy Hash: ed9e1ba91c1a02dc95e38e45892ae3c13be086de7b7b196ac602ca3e1364e6e2
                                      • Instruction Fuzzy Hash: BC2183755053806FDB22CF11DC44FABBBB8EF45224F08849BE9449B252D365A508C765
                                      APIs
                                      • CreateMutexW.KERNEL32(?,?), ref: 0117A6B9
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      • Opcode ID: b258a558eb3270d33b27b273090203e429013fbf02cea3c29d893e68794e376f
                                      • Instruction ID: a7516512f0ac4bf077c80f01bf2fbf0a2829112024a58dcbe0da4d901795965c
                                      • Opcode Fuzzy Hash: b258a558eb3270d33b27b273090203e429013fbf02cea3c29d893e68794e376f
                                      • Instruction Fuzzy Hash: E0219275500200AFFB24CF25DD45BAAFBF8EF44724F08886AE9498B742E775E409CA71
                                      APIs
                                      • shutdown.WS2_32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB1AF0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: shutdown
                                      • String ID:
                                      • API String ID: 2510479042-0
                                      • Opcode ID: b18e0a257c8d5660150620dedbee8d7535fb987366b2ee45eeff2ece7bc1a09c
                                      • Instruction ID: 1a907d33c7062570fca00c54af9a3ca1b5e7188bf22326f814e15711604e4943
                                      • Opcode Fuzzy Hash: b18e0a257c8d5660150620dedbee8d7535fb987366b2ee45eeff2ece7bc1a09c
                                      • Instruction Fuzzy Hash: 082180B1409380AFDB228B159C54B96BFB8EF46224F0884DBE9449B252D368A548C7A2
                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0117BA6A
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: e65793557b7e4882935709c541b1e7228a076f46ebf58aae1c30e71863665a8b
                                      • Instruction ID: ec6d6513513ed6756f555da81cc2c7a24f5d6a7b93e90b3b0ddf53725b9f3206
                                      • Opcode Fuzzy Hash: e65793557b7e4882935709c541b1e7228a076f46ebf58aae1c30e71863665a8b
                                      • Instruction Fuzzy Hash: 9D216F715093805FEB228F29DC54B52BFB8EF46611F0884DAED85CB252E375E408D771
                                      APIs
                                      • RegQueryValueExW.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117A40C
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: 46a40764c6cd7bc7017d570970085c9a9410805c816b4b15c3a8bf76bdccb8dc
                                      • Instruction ID: 7d75106530f55beeba95d430afded580f926a387db7c2edd68e4ffe7661ae85c
                                      • Opcode Fuzzy Hash: 46a40764c6cd7bc7017d570970085c9a9410805c816b4b15c3a8bf76bdccb8dc
                                      • Instruction Fuzzy Hash: C8218E75604604AFEB21CF15DC84FA6F7F8EF08724F08845AE9468B752D760E809CA72
                                      APIs
                                      • ioctlsocket.WS2_32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB30DF
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ioctlsocket
                                      • String ID:
                                      • API String ID: 3577187118-0
                                      • Opcode ID: bcf9edf9804ffce3cc0dc0961af1ad931dbec7cd635c3b5970b3d1600e9675d9
                                      • Instruction ID: 6160ed206b0a3c3b55ab45ca3581304eaf50e30850d06587223d45be1d384942
                                      • Opcode Fuzzy Hash: bcf9edf9804ffce3cc0dc0961af1ad931dbec7cd635c3b5970b3d1600e9675d9
                                      • Instruction Fuzzy Hash: BB21A171409784AFDB22CF11DC84FA6BFB8EF45324F08849BE9449B252D374A508C7B2
                                      APIs
                                      • SetFileAttributesW.KERNEL32(?,?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117AC97
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: 6ae16f892ad05abfd55468c0a83e7a4ab1fd86de6dd8e5d3bbedca9f3083e846
                                      • Instruction ID: f6b67e0aa7a2bf2af0e0c4a364b58c28e1ffbf41f4166cd22fcdf57693032c9d
                                      • Opcode Fuzzy Hash: 6ae16f892ad05abfd55468c0a83e7a4ab1fd86de6dd8e5d3bbedca9f3083e846
                                      • Instruction Fuzzy Hash: 2C21D4755093C05FEB12CF25DC85B96BFB4EF06324F0D84DAD8858B263D2719449CB61
                                      APIs
                                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 02BB1E86
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: Connect
                                      • String ID:
                                      • API String ID: 3144859779-0
                                      • Opcode ID: f686345eb85f88e8cb96f266248738800442f5c04e1772d8cf4077d10a35cac6
                                      • Instruction ID: f11d55074f3883cef866627a3b8e673d422d659cfc255c60b5822821bc40a29d
                                      • Opcode Fuzzy Hash: f686345eb85f88e8cb96f266248738800442f5c04e1772d8cf4077d10a35cac6
                                      • Instruction Fuzzy Hash: A321A175409380AFDB228F65CC84A92BFF4EF06310F0984DAE9858F262D375A819DB61
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: FileView
                                      • String ID:
                                      • API String ID: 3314676101-0
                                      • Opcode ID: 747cf14f59ef081ee93d6763beca009bf050a03e34cdecc2e8c49d9c5015de87
                                      • Instruction ID: c24e5cb9f12d92bf4ee953fd9f80c5b9b54085d9a2a79cbb8f74677a6cfc53e9
                                      • Opcode Fuzzy Hash: 747cf14f59ef081ee93d6763beca009bf050a03e34cdecc2e8c49d9c5015de87
                                      • Instruction Fuzzy Hash: 97218171500204AFEB21CF55DD45FA6FBE8EF08324F04859AE9498B651E375F509CB71
                                      APIs
                                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 02BB1286
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: Socket
                                      • String ID:
                                      • API String ID: 38366605-0
                                      • Opcode ID: cdbe17c8948b684033e8522f60324b3710865402b78ca765a955e6cbb3b03ec7
                                      • Instruction ID: 6c33df78e9fc0ea45002bda66751124aa1b845b1b2648ae00acd2542b24c4525
                                      • Opcode Fuzzy Hash: cdbe17c8948b684033e8522f60324b3710865402b78ca765a955e6cbb3b03ec7
                                      • Instruction Fuzzy Hash: 2C218E71900240AFEB21CF55DD45FA6FBE4EF08324F04889EE9898B652D3B5E419CB72
                                      APIs
                                      • CopyFileW.KERNEL32(?,?,?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117B0D2
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      • Opcode ID: 65afdde9306883ad66b836f3fca62bdbe117189d8d89c82380799d4705e643a2
                                      • Instruction ID: 27452d37b3aad9f714385a81cd5d9561b43535d3420bbb01f627be3136781f0d
                                      • Opcode Fuzzy Hash: 65afdde9306883ad66b836f3fca62bdbe117189d8d89c82380799d4705e643a2
                                      • Instruction Fuzzy Hash: 2E2166755093805FD721CF65DC55B53BFF8EF06210F0984AADD45CB652D325E448CB61
                                      APIs
                                      • LoadLibraryA.KERNEL32(?,00000E5C), ref: 02BB222B
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 8f820c1fe99d1724b43f5190a2fbfe7746515cfb0653c1682ccb807503d5070b
                                      • Instruction ID: b6f8d8e066954914e36baa8e9a1443cff7deef507adb2998e4e8d70090134c13
                                      • Opcode Fuzzy Hash: 8f820c1fe99d1724b43f5190a2fbfe7746515cfb0653c1682ccb807503d5070b
                                      • Instruction Fuzzy Hash: B811B471504340AFE721CB11DC85FA6FBB8DF46724F08849AFD449B692D3A4A948C766
                                      APIs
                                      • RegSetValueExW.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117A4F8
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 20bb8845d53084a70d67d11bed804d013b0b967939a2b08ab2de1ae907229f2e
                                      • Instruction ID: 474f54f19d4fac6320fdc97e691678103bd18c8cf9f80d73f2b4673f72538b0d
                                      • Opcode Fuzzy Hash: 20bb8845d53084a70d67d11bed804d013b0b967939a2b08ab2de1ae907229f2e
                                      • Instruction Fuzzy Hash: 5E117FB6500600AFEB218F15EC45FABBBB8EF04724F08855AED458B752D761E4488AB2
                                      APIs
                                      • RegQueryValueExW.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB15CC
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: 08a2b7c8f419ea1e6d0fa02dfb0d826f56024fa5dbf39d658fc9250e3329cf0c
                                      • Instruction ID: 958e045797e8d3d81c88ed22f8ca10d8cb91d6529650abb70f94189fbc9a5e1e
                                      • Opcode Fuzzy Hash: 08a2b7c8f419ea1e6d0fa02dfb0d826f56024fa5dbf39d658fc9250e3329cf0c
                                      • Instruction Fuzzy Hash: 76118176510704AFEB21CF15DC85FA6F7E8EF08724F08859AE94A8B752D7A0E508CB71
                                      APIs
                                      • GetProcessTimes.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB1CC9
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ProcessTimes
                                      • String ID:
                                      • API String ID: 1995159646-0
                                      • Opcode ID: b4a3afcb9caae3283b54aa400dc37435fd5af73d3e62615d36c16125866b6694
                                      • Instruction ID: 3f5bf0c94ccc62ad6ca6a7424a15a2ac10297ff774eae559bee6b0f1448e09a0
                                      • Opcode Fuzzy Hash: b4a3afcb9caae3283b54aa400dc37435fd5af73d3e62615d36c16125866b6694
                                      • Instruction Fuzzy Hash: 0811E276500700AFEB21CF55DC44FA6FBA8EF04324F0484AAE9098B651D374E408CBB1
                                      APIs
                                      • GetProcessWorkingSetSize.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB328F
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      • String ID:
                                      • API String ID: 3584180929-0
                                      • Opcode ID: af903c8e8eef7af51d2db06dcff5ed29fc049dc667334f16ac99b548057695e5
                                      • Instruction ID: 30058986733c9301fcb2091c8d39b039f5018e68ce013202dbe11e71df8de5c4
                                      • Opcode Fuzzy Hash: af903c8e8eef7af51d2db06dcff5ed29fc049dc667334f16ac99b548057695e5
                                      • Instruction Fuzzy Hash: 3B11BF75900240AFEB21CF55DC45BA6F7A8EF04324F0884AAED498B651D774E408CBB1
                                      APIs
                                      • SetProcessWorkingSetSize.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB3373
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ProcessSizeWorking
                                      • String ID:
                                      • API String ID: 3584180929-0
                                      • Opcode ID: af903c8e8eef7af51d2db06dcff5ed29fc049dc667334f16ac99b548057695e5
                                      • Instruction ID: c73b19b640349278a59bfd9f179299297ad8729ff0bf2009856147bb7f023e87
                                      • Opcode Fuzzy Hash: af903c8e8eef7af51d2db06dcff5ed29fc049dc667334f16ac99b548057695e5
                                      • Instruction Fuzzy Hash: 5311BF75500300AFEB21CF15DC44BABB7A8EF44324F04C4AAE9098B641E775E408CBB5
                                      APIs
                                      • GetExitCodeProcess.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117BE6C
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CodeExitProcess
                                      • String ID:
                                      • API String ID: 3861947596-0
                                      • Opcode ID: 3e47d7b583a5a7df0bec0e1944f41770f7088729784b6390b30cc02614c7e806
                                      • Instruction ID: ef840d6227abd334630a988fb6502dfbb0568f0be094d0a6137477ea253259ca
                                      • Opcode Fuzzy Hash: 3e47d7b583a5a7df0bec0e1944f41770f7088729784b6390b30cc02614c7e806
                                      • Instruction Fuzzy Hash: 19119175504200AFEB25CF15DC85BA6B7A8DF44724F04886AED05CB751E774A5088AB6
                                      APIs
                                      • ReadFile.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117B389
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: FileRead
                                      • String ID:
                                      • API String ID: 2738559852-0
                                      • Opcode ID: b34fd7c235318cafb0a8033e87cadcea39079549ee8dc4e49e4eeafe3c58f0e9
                                      • Instruction ID: 9b10e142725a22cb324da58fe40ee5e9174f8119d476869bed0f8481d7dcac86
                                      • Opcode Fuzzy Hash: b34fd7c235318cafb0a8033e87cadcea39079549ee8dc4e49e4eeafe3c58f0e9
                                      • Instruction Fuzzy Hash: EC11BF72404200AFEB21CF55DC44FA6FBB8EF08724F04885AED498B752D375A4488BB6
                                      APIs
                                      • ioctlsocket.WS2_32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB30DF
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ioctlsocket
                                      • String ID:
                                      • API String ID: 3577187118-0
                                      • Opcode ID: b26099adbb4a1f88a744712ae84f858ab84281538b8722e53441127f98dee887
                                      • Instruction ID: 4c90ab6791477a15176e54867038bdc0f3ee16cceaf9c0d043ec46740d1947e5
                                      • Opcode Fuzzy Hash: b26099adbb4a1f88a744712ae84f858ab84281538b8722e53441127f98dee887
                                      • Instruction Fuzzy Hash: A611E371500200AFEB21CF11DC84FA6F7E8EF04724F04C49AED098B641D774A408CBB1
                                      APIs
                                      • CoGetObjectContext.COMBASE(?,?), ref: 02BB215F
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ContextObject
                                      • String ID:
                                      • API String ID: 3343934925-0
                                      • Opcode ID: 322d0089869a1f26beef36d9ac0a5414d076f6d1da7f58f7ef60385323231a43
                                      • Instruction ID: a19e1903b0e9476d157ff0eeb978458115bb0002165bacc30e64f054a9d7d173
                                      • Opcode Fuzzy Hash: 322d0089869a1f26beef36d9ac0a5414d076f6d1da7f58f7ef60385323231a43
                                      • Instruction Fuzzy Hash: B711AC354083809FDB228F25CD84B62BFB0EF06220F0984DADD844F263D275A949CB62
                                      APIs
                                      • shutdown.WS2_32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 02BB1AF0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: shutdown
                                      • String ID:
                                      • API String ID: 2510479042-0
                                      • Opcode ID: 10c3e00184945af19069eea1be659f7952dcbe3fdae349fb2156927c0d46cad2
                                      • Instruction ID: 3bde4628360868e59282ba01d7858c62941d066db9870667ff0a40aa38632dd5
                                      • Opcode Fuzzy Hash: 10c3e00184945af19069eea1be659f7952dcbe3fdae349fb2156927c0d46cad2
                                      • Instruction Fuzzy Hash: BF11C275500200AFEB21CF19DC84FA6FBA8DF44724F14C49BED088B641E374A408CAB1
                                      APIs
                                      • SetErrorMode.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117A330
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      • Opcode ID: 12c86337417d13ebcb3cf77179c9659f90d2dcc0007f535fc69471358abb9dde
                                      • Instruction ID: dfe7c518e37d830e5d61d4965b6d2df0f719038e4811ef84a571e6272bb14176
                                      • Opcode Fuzzy Hash: 12c86337417d13ebcb3cf77179c9659f90d2dcc0007f535fc69471358abb9dde
                                      • Instruction Fuzzy Hash: C8118C718093C0AFDB238B25DC54A62BFB4DF47624F0D80CBED848B263D265A918D772
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02BB081E
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 98938d1e9dc932a14b2730fefde4aad4b7c23b39df7f500c2f7816feb6324e7f
                                      • Instruction ID: 59f986a252a7f52708112697107391c6f6285b996c286f0876625b8553fc350a
                                      • Opcode Fuzzy Hash: 98938d1e9dc932a14b2730fefde4aad4b7c23b39df7f500c2f7816feb6324e7f
                                      • Instruction Fuzzy Hash: 21118E35408780AFDB228F51DC44B62FFF4EF4A320F09889EE9898B562D375A418DB61
                                      APIs
                                      • LoadLibraryA.KERNEL32(?,00000E5C), ref: 02BB222B
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: LibraryLoad
                                      • String ID:
                                      • API String ID: 1029625771-0
                                      • Opcode ID: 19cfb8df76b42b978e844c1390c6c3d28e6eca58a835a995c2230725ad004317
                                      • Instruction ID: e72803db395814bce090a6002a11d8c77bb96c4fdbbdc9252bf575d25dc38fa9
                                      • Opcode Fuzzy Hash: 19cfb8df76b42b978e844c1390c6c3d28e6eca58a835a995c2230725ad004317
                                      • Instruction Fuzzy Hash: 7A11C231900300AEFB218B11DD45FB6F7A8DF45724F14C09AEE489A681D3B4A548CAB6
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: select
                                      • String ID:
                                      • API String ID: 1274211008-0
                                      • Opcode ID: 752440d22ba893eb9f5edb35a9a29f711fc1d173a58ac246f19e32bbefbe3465
                                      • Instruction ID: 1ad5c6bb57cacd6c420411cad50dc1c40dcb217ff447b0956935dbb5f95090fa
                                      • Opcode Fuzzy Hash: 752440d22ba893eb9f5edb35a9a29f711fc1d173a58ac246f19e32bbefbe3465
                                      • Instruction Fuzzy Hash: F41128756002009FEB21CF19D884BA6FBE8EF04624F0884EADD498B652E775E489CB71
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: send
                                      • String ID:
                                      • API String ID: 2809346765-0
                                      • Opcode ID: 80182577bb137e016c90213029b592751363e09aa8c114f4282cd32f028dd217
                                      • Instruction ID: c6710d491c9ca6d8bee8648e68f9c39b3600f69f2a50b4d9df74ec776d53b949
                                      • Opcode Fuzzy Hash: 80182577bb137e016c90213029b592751363e09aa8c114f4282cd32f028dd217
                                      • Instruction Fuzzy Hash: 4211B275408380AFDB22CF15DC44B52FFB4EF46224F08849AED848B653D275A418DB61
                                      APIs
                                      • CopyFileW.KERNEL32(?,?,?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117B0D2
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CopyFile
                                      • String ID:
                                      • API String ID: 1304948518-0
                                      • Opcode ID: eacc8bfdccd50389acd1590fa4c4684b15372804e3e8965ba23dcb8ac2921051
                                      • Instruction ID: 81991a78bc5b2e8d7473b55de5db4f2c8442ab9c99eedfaccdc7f3d5a6812057
                                      • Opcode Fuzzy Hash: eacc8bfdccd50389acd1590fa4c4684b15372804e3e8965ba23dcb8ac2921051
                                      • Instruction Fuzzy Hash: 3A1130756042008FEB25CF29DC85B56FBB8EF04620F08C46ADD59CB752E375E408CA76
                                      APIs
                                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0117BA6A
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: LookupPrivilegeValue
                                      • String ID:
                                      • API String ID: 3899507212-0
                                      • Opcode ID: eacc8bfdccd50389acd1590fa4c4684b15372804e3e8965ba23dcb8ac2921051
                                      • Instruction ID: 1f845429c7735b35d01c55d576c20f002fc3a2b49c59676bf5b586f546d5a4d0
                                      • Opcode Fuzzy Hash: eacc8bfdccd50389acd1590fa4c4684b15372804e3e8965ba23dcb8ac2921051
                                      • Instruction Fuzzy Hash: C7117075A042008FEB24EF29D885B56FBE8EF44221F08C46ADD09CB752E774E408CA76
                                      APIs
                                      • FindClose.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117AF5C
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseFind
                                      • String ID:
                                      • API String ID: 1863332320-0
                                      • Opcode ID: 8c34df4d4e0ba587d8891805e7c8f8d1f577b623d4f665c7b081fd7f49291040
                                      • Instruction ID: 3ac3cc42ad4ab258057da6cd023095209facc93a316b883ebf3c36ad6c21cc5e
                                      • Opcode Fuzzy Hash: 8c34df4d4e0ba587d8891805e7c8f8d1f577b623d4f665c7b081fd7f49291040
                                      • Instruction Fuzzy Hash: C71182755093809FDB128F15DC54B56FFB4DF06221F0980DBED858B6A3D265A908CB62
                                      APIs
                                      • GetFileType.KERNEL32(?,00000E5C,E3696B86,00000000,00000000,00000000,00000000), ref: 0117B2BD
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: FileType
                                      • String ID:
                                      • API String ID: 3081899298-0
                                      • Opcode ID: 9d1a5021c7426cb087b88b9dbeb2a0667c1b7a18b3c919a9bdc2c6c72b39544e
                                      • Instruction ID: 3bf361441d0eddcdfcc25c1f38cf58127f52049f43a8fbd23bd462978f0f774d
                                      • Opcode Fuzzy Hash: 9d1a5021c7426cb087b88b9dbeb2a0667c1b7a18b3c919a9bdc2c6c72b39544e
                                      • Instruction Fuzzy Hash: 2701C071504200AEEB208F15DC84FAAF7A8DF09724F04C096ED088B752E774A4088AB6
                                      APIs
                                      • WaitForInputIdle.USER32(?,?), ref: 0117AA3B
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: IdleInputWait
                                      • String ID:
                                      • API String ID: 2200289081-0
                                      • Opcode ID: 67edf1f1ba52ab2fba4cc21eff55dd46dbc84d577730536bbcc0f53762ca521c
                                      • Instruction ID: 04cb052c074ed2fa51acf4d3aa33f500678ebc56f3df762bdf05071e88621ba8
                                      • Opcode Fuzzy Hash: 67edf1f1ba52ab2fba4cc21eff55dd46dbc84d577730536bbcc0f53762ca521c
                                      • Instruction Fuzzy Hash: 6B119E754083809FDB228F15DD84B56FFB4EF46220F0984DAED858B263D275A808CB62
                                      APIs
                                      • K32EnumProcesses.KERNEL32(?,?,?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 02BB013E
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: EnumProcesses
                                      • String ID:
                                      • API String ID: 84517404-0
                                      • Opcode ID: 26e3446bf2cfdc35d67e7a49d88b1638907f52c8879276151c3d65cc149aed81
                                      • Instruction ID: 23828fdf9dd7115886e73b23d06162d0624293a5c77fd698d767724f3b46270e
                                      • Opcode Fuzzy Hash: 26e3446bf2cfdc35d67e7a49d88b1638907f52c8879276151c3d65cc149aed81
                                      • Instruction Fuzzy Hash: E3115B755002049FEB25DF65D884BA6FBE4EF04320F08C8ABED498B652E375E448CB61
                                      APIs
                                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 02BB1E86
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: Connect
                                      • String ID:
                                      • API String ID: 3144859779-0
                                      • Opcode ID: b6b8c36d7d899dfd0588d0ae7deaefa8bc66bdd0547a78859d6684fc52ca4823
                                      • Instruction ID: 3ea0c3278e42882985dcd76317f1f3d15ef7a435663111df957626aa2631eb26
                                      • Opcode Fuzzy Hash: b6b8c36d7d899dfd0588d0ae7deaefa8bc66bdd0547a78859d6684fc52ca4823
                                      • Instruction Fuzzy Hash: 1B1130355106049FEB21CF55D884BA6FBE4EF08720F08C9AADD498B622D3B5E418DB71
                                      APIs
                                      • SetFileAttributesW.KERNEL32(?,?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117AC97
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: AttributesFile
                                      • String ID:
                                      • API String ID: 3188754299-0
                                      • Opcode ID: 4cb5d5aebf3e70be64b6c30679c55c5944ed32f6c6133dd62af95c67b3a66c89
                                      • Instruction ID: 00134b430b079e8dab24eb73239695bb846eff5f4d62d48583c189b0a458058e
                                      • Opcode Fuzzy Hash: 4cb5d5aebf3e70be64b6c30679c55c5944ed32f6c6133dd62af95c67b3a66c89
                                      • Instruction Fuzzy Hash: 9E0192755002409FEB24CF29E885B5AFBE4EF04220F0CC4AADD49CB752E375E448DAA2
                                      APIs
                                      • EnumWindows.USER32(?,00000E5C,?,?), ref: 0117A1BD
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: EnumWindows
                                      • String ID:
                                      • API String ID: 1129996299-0
                                      • Opcode ID: a56953e127a92f3c5854ad762f24a55e6b5d6a6919439a760adc60db239bc033
                                      • Instruction ID: 91db3b5673b20f23e8857d0d8bb1768d32427e817c9d1f5c27c6d92978223767
                                      • Opcode Fuzzy Hash: a56953e127a92f3c5854ad762f24a55e6b5d6a6919439a760adc60db239bc033
                                      • Instruction Fuzzy Hash: 1601B171900204AFD310DF16CC45B66FBA8EB88A20F14855AED089BB41E735F515CBE5
                                      APIs
                                      • GetVolumeInformationA.KERNEL32(?,00000E5C,?,?), ref: 02BB1F86
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: InformationVolume
                                      • String ID:
                                      • API String ID: 2039140958-0
                                      • Opcode ID: 952ee5cc04c0c6a77d41854633ae98171cff70dbb7e9335537b9086031023883
                                      • Instruction ID: 72e36cffdf3d5b8f7d469fd5bccef7f74a0a557fbb267fe10a8d6b2df883a003
                                      • Opcode Fuzzy Hash: 952ee5cc04c0c6a77d41854633ae98171cff70dbb7e9335537b9086031023883
                                      • Instruction Fuzzy Hash: C501B171900204AFD310DF16CC45B66FBA8EB88B20F14855AED089BB41E731F515CBE5
                                      APIs
                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02BB081E
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: DuplicateHandle
                                      • String ID:
                                      • API String ID: 3793708945-0
                                      • Opcode ID: 92184587c35c41df94a635aaebc160c731aa53b5da3670f44da18bf330c82d47
                                      • Instruction ID: 0eada86295f15847fe64f9fc1f497e4d723506b56911deab296a8cd94472acb4
                                      • Opcode Fuzzy Hash: 92184587c35c41df94a635aaebc160c731aa53b5da3670f44da18bf330c82d47
                                      • Instruction Fuzzy Hash: 24015B36800700DFEF218F55DD44BA2FBA0EF48720F08C99AED494A612D376E118DBA2
                                      APIs
                                      • RegQueryValueExW.KERNEL32(?,00000E5C,?,?), ref: 02BB11CE
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: 8e77bfa6a23a4847e6ac7c8b6a81617b5ca14f86f523cb86bc3ae554bbb7b370
                                      • Instruction ID: ca4f769cebc548ffa11b14d8374970acd02fe602bc96df609b49c66af9d21dcd
                                      • Opcode Fuzzy Hash: 8e77bfa6a23a4847e6ac7c8b6a81617b5ca14f86f523cb86bc3ae554bbb7b370
                                      • Instruction Fuzzy Hash: 4701A271640605AFD210DF16CC46B66FBA4FB88B20F14815AED089BB41E771F515CBE5
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: send
                                      • String ID:
                                      • API String ID: 2809346765-0
                                      • Opcode ID: 60670f235e64232ffc3ed42ae3de834a204a3ad454bee1edfa342844823b3a5c
                                      • Instruction ID: 8a9237e3275199f6dbee9d0b237148e24f3abc06e5bb8455c7fb5ee6e9e2d85b
                                      • Opcode Fuzzy Hash: 60670f235e64232ffc3ed42ae3de834a204a3ad454bee1edfa342844823b3a5c
                                      • Instruction Fuzzy Hash: 4B018C355006409FEB25CF55E844B66FBA0EF04224F08C89ADD498B712D375E018CBA2
                                      APIs
                                      • WaitForInputIdle.USER32(?,?), ref: 0117AA3B
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: IdleInputWait
                                      • String ID:
                                      • API String ID: 2200289081-0
                                      • Opcode ID: 5a1554e734440a9ea3289a09e282fb3308a2c9e74595c1767f3d3bcdc63685ac
                                      • Instruction ID: 4a1df11f77191a405374540338fc0f61295d80c0bca0a4c2aa3b056e975d41e0
                                      • Opcode Fuzzy Hash: 5a1554e734440a9ea3289a09e282fb3308a2c9e74595c1767f3d3bcdc63685ac
                                      • Instruction Fuzzy Hash: FB018F358002409FEF24DF15E984B66FBA4EF44720F08C8AADD498B712E375E408CBA2
                                      APIs
                                      • FindClose.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117AF5C
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseFind
                                      • String ID:
                                      • API String ID: 1863332320-0
                                      • Opcode ID: 256435e524569eea25d139ae040c2ffdc285894f2d15035f0f3cb6a70e18898a
                                      • Instruction ID: a6703ac22aa0ebf86bfc595cddb9ae7179875e39d23cc3c2e943e27e84cee028
                                      • Opcode Fuzzy Hash: 256435e524569eea25d139ae040c2ffdc285894f2d15035f0f3cb6a70e18898a
                                      • Instruction Fuzzy Hash: A50186755006408FEB248F15E885769FBA4DF05635F0CC09ADD494B792E375E448CBA3
                                      APIs
                                      • CoGetObjectContext.COMBASE(?,?), ref: 02BB215F
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026837120.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bb0000_rundll32.jbxd
                                      Similarity
                                      • API ID: ContextObject
                                      • String ID:
                                      • API String ID: 3343934925-0
                                      • Opcode ID: c5ec6ecbdcae99007631b5b99ea1f6e048ae494cc77a724262949a77d7d801f8
                                      • Instruction ID: c119938d089be086d4c66b27df944cd5dd5aa5837a043cb439c62492528e8b0f
                                      • Opcode Fuzzy Hash: c5ec6ecbdcae99007631b5b99ea1f6e048ae494cc77a724262949a77d7d801f8
                                      • Instruction Fuzzy Hash: 37F08C359002409FEF218F05D984BA6FBA0EF05625F08C4DADE494B752E3B5E448CAA2
                                      APIs
                                      • SetErrorMode.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117A330
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: ErrorMode
                                      • String ID:
                                      • API String ID: 2340568224-0
                                      • Opcode ID: 3fb008d215026ce93adf59768a40863f4686f7f9e87fed0297eecff4ac5b615e
                                      • Instruction ID: 363489f9fd681a57a25f14980d9057d02d9c516656725792bd84eb57d6bad6fa
                                      • Opcode Fuzzy Hash: 3fb008d215026ce93adf59768a40863f4686f7f9e87fed0297eecff4ac5b615e
                                      • Instruction Fuzzy Hash: 59F0AF35908240CFEB248F19E884B65FBA0EF04725F0CC09ADD494B752E3B9E408CAA2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2dl
                                      • API String ID: 0-1227207512
                                      • Opcode ID: 27dc38e4a0e21ce3ab5ffed6ba32a561a360ddf1fb5fb2f69e7f14ca90b8f979
                                      • Instruction ID: 848c3d2cf9f87f6874d65b62be2e721dd2f907adaf57780671e1621de8570139
                                      • Opcode Fuzzy Hash: 27dc38e4a0e21ce3ab5ffed6ba32a561a360ddf1fb5fb2f69e7f14ca90b8f979
                                      • Instruction Fuzzy Hash: 14A1D2307112018BC714EB3DE849BAD32E2EB84358F1446A9D41A9B3D1DF7ADD86CB61
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: a636719b6777007fa291146b472f9a447c779000f235f62679278717bd13613d
                                      • Instruction ID: 75502e73292a4fcb0bf6cf5937e8a112986bb322a685f366406da1cf24c084b6
                                      • Opcode Fuzzy Hash: a636719b6777007fa291146b472f9a447c779000f235f62679278717bd13613d
                                      • Instruction Fuzzy Hash: 34A15B34B01214DFDB09AF78F8586AD77F2EB88304B1081AAE916973A5DF359C95CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: fde0e0f712c8fdda9ffe6c652680c3fd73d8405dd9aa617b75dd0b98494c3468
                                      • Instruction ID: 893a8ee160cd89d4d99db33d02d121538e89b9f9f3246245148db261ebb87d7c
                                      • Opcode Fuzzy Hash: fde0e0f712c8fdda9ffe6c652680c3fd73d8405dd9aa617b75dd0b98494c3468
                                      • Instruction Fuzzy Hash: 1B915C34B00214DFDB19AF78F8486AD77B2FB88308B10806AE916977A5DF399C95CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: 022b1ec898c5c3308fba70937a48775b706b0026779d4713535dec41f051df07
                                      • Instruction ID: d8612d89e50e51f305938a72bb57bcd442f785a67af7054f022114d618672f5c
                                      • Opcode Fuzzy Hash: 022b1ec898c5c3308fba70937a48775b706b0026779d4713535dec41f051df07
                                      • Instruction Fuzzy Hash: 6E814D34B00214DFDB19AF78F8586AD77F2EB88308B10816AE905977A5DF399C95CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: 08a2a12871f6382d5b7b259d26d5890bcfb047f395a7dc75bdff3374a68d76fd
                                      • Instruction ID: 6842605dc4073be95975857d167090ca97cd9b5daeb3e28f4e8a3e088ffe6420
                                      • Opcode Fuzzy Hash: 08a2a12871f6382d5b7b259d26d5890bcfb047f395a7dc75bdff3374a68d76fd
                                      • Instruction Fuzzy Hash: 97814D34B00214DFDB19AB78F85866D77F2FB88308B10816AE905977A5DF3A9C95CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: e00faae53675c0e15999ab8e4100f5c97b411bffb1d09418c1ca75ecf49cc0f6
                                      • Instruction ID: 078e820cd8daa938385292c841325365cc73dea64e1e2f4c80f14892a29e3d7e
                                      • Opcode Fuzzy Hash: e00faae53675c0e15999ab8e4100f5c97b411bffb1d09418c1ca75ecf49cc0f6
                                      • Instruction Fuzzy Hash: 12716E34700210CFD719EB78E85867D37E3FB89308B1481AAE4199B795DF7A9C99CB60
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: 344e80b5f999f0374991901358a9561e436a0819d27ad0d7f7eb7cb9a7435e47
                                      • Instruction ID: 84121ed7176a38bfa354252048796e3c22a383007c96106c6fa5f105fad07795
                                      • Opcode Fuzzy Hash: 344e80b5f999f0374991901358a9561e436a0819d27ad0d7f7eb7cb9a7435e47
                                      • Instruction Fuzzy Hash: E6714F34B01214DFDB19AB78F85866D73F2FB88308B1081AAE905977A5DF3A9C95CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: 288d9f10714c1401b52ce79a4e27256543b875e68a44039155de423691d31331
                                      • Instruction ID: e053a0616849b47d56eadadf1a02f5f723c5fdda4bc51d0430f22c69bcdeeb40
                                      • Opcode Fuzzy Hash: 288d9f10714c1401b52ce79a4e27256543b875e68a44039155de423691d31331
                                      • Instruction Fuzzy Hash: EB517034B00214DFDB18AB78F8586AEB3B2FB88348F10816AE916977A5DF359C45CF50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: d59778e5182bfc60c6c1aaebb4783e859be15736014124df1295413411f13665
                                      • Instruction ID: 6e89b75787047ab7d2c14cfd5da78b5b43c9e0991fd360b2aa80a7223c7a736c
                                      • Opcode Fuzzy Hash: d59778e5182bfc60c6c1aaebb4783e859be15736014124df1295413411f13665
                                      • Instruction Fuzzy Hash: 6241C031B002048FDB18EBB5E4916ADBBF3EFC8208F14446AD545A77A1DF399E09CB60
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: :@=l
                                      • API String ID: 0-3768856532
                                      • Opcode ID: aad716c3e4dcb45d9621daaaabe68e162702037c3caa7e9c889aead6c900b6db
                                      • Instruction ID: b93165b4e84c3fcd8b3cb32a9f0f0e342d8215c8a9cb7718afb4ba5e233b0136
                                      • Opcode Fuzzy Hash: aad716c3e4dcb45d9621daaaabe68e162702037c3caa7e9c889aead6c900b6db
                                      • Instruction Fuzzy Hash: AD317035B00214DBDB18AB78F8586BDB7B6FB88308F10806BD80597795CF399D55CB50
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: L.dl
                                      • API String ID: 0-2277560483
                                      • Opcode ID: dc63bbdfc22aea2f588e21570cfab18d31cb9b2f741116f13a836bcd995c62bd
                                      • Instruction ID: a2290604a5904f2b341b7d42b3835bdea94b1e4d04a70a9bf74bcf688ed50a98
                                      • Opcode Fuzzy Hash: dc63bbdfc22aea2f588e21570cfab18d31cb9b2f741116f13a836bcd995c62bd
                                      • Instruction Fuzzy Hash: B7119035B002499BDB08FA79D841BFEB7F6AB98204F108569D505AB280EB359C41CBB1
                                      APIs
                                      • CloseHandle.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117BCA4
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 8ca08a4a8c320f0538b71cff79096392136d5fd87becac98d31b9a2f72e64e5d
                                      • Instruction ID: 4bcdbe204c88f59aca0fd8733ca71a739a2f1a8ceb4ad27bc10bc6ca1c91e798
                                      • Opcode Fuzzy Hash: 8ca08a4a8c320f0538b71cff79096392136d5fd87becac98d31b9a2f72e64e5d
                                      • Instruction Fuzzy Hash: FC21A17550D3C05FDB128F25DC54A92BFB4AF07324F0984DAE8858F663D265A908D762
                                      APIs
                                      • CloseHandle.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117A780
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 951649567f2e522a55bea9810d68bad9cb3ab839d269d5f35c5c2f81fcc9f1bd
                                      • Instruction ID: 023add18639e4ddbbd05e6153687e0dfddad993dfb17f3e5276d49a663c30145
                                      • Opcode Fuzzy Hash: 951649567f2e522a55bea9810d68bad9cb3ab839d269d5f35c5c2f81fcc9f1bd
                                      • Instruction Fuzzy Hash: 0B21D2B55047809FDB12CF15ED85B52BFB4EF02324F0984ABED458B253E335A909DBA1
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: \Odl
                                      • API String ID: 0-2664179243
                                      • Opcode ID: 641ab3dc1982c74cb1048941e1b0c178c2274d1542bf0cd12f4288799b82efb5
                                      • Instruction ID: ff68577ebd4e0d210f92cd614826b6a395c94e09b6083e40a30a1d73d25fa8b2
                                      • Opcode Fuzzy Hash: 641ab3dc1982c74cb1048941e1b0c178c2274d1542bf0cd12f4288799b82efb5
                                      • Instruction Fuzzy Hash: 82213B34B11114DFCB04EBA8E8589ED73F3FFC8258B1081A6E409AB765DB309C49CB91
                                      APIs
                                      • CloseHandle.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117AAE0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 8e1d6fb7e589c0a1e7fefd3596279a17bdf7617aca6e725019b3839ac9e581ab
                                      • Instruction ID: c35dd71b484af0dcdf3905a7a64274fb4b33d4ff12619d9bdbd43323a41f1552
                                      • Opcode Fuzzy Hash: 8e1d6fb7e589c0a1e7fefd3596279a17bdf7617aca6e725019b3839ac9e581ab
                                      • Instruction Fuzzy Hash: 0F115E755093C09FDB128F25DC54A92BFB4DF46220F0988DBDD848F253D265A948DBA2
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 2dl
                                      • API String ID: 0-1227207512
                                      • Opcode ID: 635f2050ce7d6613427c394fb6250d2f9f23f7dedd645674abff71b2535892c0
                                      • Instruction ID: 1aa3aa59a2c89150c3177f6bdab867a622fb14d0b6f221907113b74bb4b79b44
                                      • Opcode Fuzzy Hash: 635f2050ce7d6613427c394fb6250d2f9f23f7dedd645674abff71b2535892c0
                                      • Instruction Fuzzy Hash: 5C01D430B001208B5B5DB77D08202BE31D35BC9148B18C46AD41AEBB84EF38CC4A9BF6
                                      APIs
                                      • CloseHandle.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117A780
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 3b3f7297b9b0963ccce297950c8d9338b2d34802147f5a639e7b15aab14434ad
                                      • Instruction ID: 70e5f9ac9fbb89b261189083ee9133f30bd032c86f23e61958c8d628e305d762
                                      • Opcode Fuzzy Hash: 3b3f7297b9b0963ccce297950c8d9338b2d34802147f5a639e7b15aab14434ad
                                      • Instruction Fuzzy Hash: B50184755006408FEB24CF15E985756FBB4DF04621F08C4ABDD4A8B752D375E408CAA2
                                      APIs
                                      • CloseHandle.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117BCA4
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 8903584031d18cf379ef024c534b478421d8cd337dca63853d92a59eb8d90d49
                                      • Instruction ID: e21bb3ce46e2f3280c9874c9edcca2f74d7c069f08437d93b472b6d78ecff4aa
                                      • Opcode Fuzzy Hash: 8903584031d18cf379ef024c534b478421d8cd337dca63853d92a59eb8d90d49
                                      • Instruction Fuzzy Hash: 0501DF755082008FEB24CF29E884B96FBA4EF04220F08C4ABDC098B752D775E408CBB2
                                      APIs
                                      • CloseHandle.KERNEL32(?,E3696B86,00000000,?,?,?,?,?,?,?,?,6CF73C58), ref: 0117AAE0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025024959.000000000117A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0117A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_117a000_rundll32.jbxd
                                      Similarity
                                      • API ID: CloseHandle
                                      • String ID:
                                      • API String ID: 2962429428-0
                                      • Opcode ID: 03b5558c5d8d70978ffc5d6ed8685b3986d0c58c0c25653e0897058b22b1a1ff
                                      • Instruction ID: f4d2b33496565c6d822f515b4a6ec7bfec24968c1d237642eba323b34e917f5b
                                      • Opcode Fuzzy Hash: 03b5558c5d8d70978ffc5d6ed8685b3986d0c58c0c25653e0897058b22b1a1ff
                                      • Instruction Fuzzy Hash: 1201A2359002408FEB24CF15E984B66FBA4DF04220F08C8AADD488F756D375E448CBA2
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ec7b1644bb8a7188be44266ec6a842f8490037f0c26e64d36d33cc6f576e1e6
                                      • Instruction ID: 01427922aa1aa910080dbb33b46921365a0c9d0052ad32172cffacdb35e9a581
                                      • Opcode Fuzzy Hash: 4ec7b1644bb8a7188be44266ec6a842f8490037f0c26e64d36d33cc6f576e1e6
                                      • Instruction Fuzzy Hash: 29614D34701310CFCB15AB38E85866D77E3FB88348B1444AAD8059B3A6DF7ADC96CB60
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dae89a53bb98bc11167c46d3a0793ef633ece509e11fcb7cd86e096340874eda
                                      • Instruction ID: 608ac17a793382e5e86884a3e7225744af334f5d02c7a7ff69811322797e7760
                                      • Opcode Fuzzy Hash: dae89a53bb98bc11167c46d3a0793ef633ece509e11fcb7cd86e096340874eda
                                      • Instruction Fuzzy Hash: 7A516B34700210CFC719EB78E85866D37E2FB89308B5484A9E4199B795DF7ADC99CB50
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: baee24d5ad43ebc2ca37ad658d95b466184df4eb8a72ec430bfdf167033f3df4
                                      • Instruction ID: 6ed0ec4c484b4472c13fdb48c79be59b12ea84f48763e2b2a61ffd6a1c1d0653
                                      • Opcode Fuzzy Hash: baee24d5ad43ebc2ca37ad658d95b466184df4eb8a72ec430bfdf167033f3df4
                                      • Instruction Fuzzy Hash: 3C511935701310CFCB19AB38E85C66D73E3FB8834871540AAE8059B7A6DF7A9C96CB50
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e02f1ffcf08fc423dd72d33d6c096baf7c5b417149c33bda59c4d15b74b80359
                                      • Instruction ID: d471d82641450af2bec0bcc22fd60829dd831b84a78b5a86fe88453125bf90e3
                                      • Opcode Fuzzy Hash: e02f1ffcf08fc423dd72d33d6c096baf7c5b417149c33bda59c4d15b74b80359
                                      • Instruction Fuzzy Hash: 2551AE30612201CBDB15EF3AE8087B937E6EB88355F1881A9D459DB2D1DB79DD87CB20
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2cfb14f216db273d703d59d313f323882772f0f7052a50fb7b1be0d38ccc1a4
                                      • Instruction ID: c5f7f5563dab2a64c34fa5c07163ae526cdfc47e791954a2b5faa7d2069c53d6
                                      • Opcode Fuzzy Hash: f2cfb14f216db273d703d59d313f323882772f0f7052a50fb7b1be0d38ccc1a4
                                      • Instruction Fuzzy Hash: 22419030712201CBDB15EB3AA8087B832E2EB44355F1882A5D4599B2D1DF79DD87CB21
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 04dff0a3085266c1f02b394dbde25be519075a2c7591fa28de525aced20ea309
                                      • Instruction ID: 3292f5caf060a233161aacbbac141cb7a58875a3266262d2936e73b72646ddfd
                                      • Opcode Fuzzy Hash: 04dff0a3085266c1f02b394dbde25be519075a2c7591fa28de525aced20ea309
                                      • Instruction Fuzzy Hash: 1F510730315342CBC718DB38F58D9DA77F3FB90208344846AE0148B66AEB795DDACBA1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e65b8b03023e30fde780a45e64ade2fb395dce0486f80ce4c1fce6e04fe09931
                                      • Instruction ID: 53fd0044ada5e3b340bea687ae864556507b88f788bf3b21d05cd24147731d62
                                      • Opcode Fuzzy Hash: e65b8b03023e30fde780a45e64ade2fb395dce0486f80ce4c1fce6e04fe09931
                                      • Instruction Fuzzy Hash: 19418D30700210CFCB15EB78E8586AC37E2FB89308B5484A9E4199B795DF7ADC99DB50
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d518ab8b22aa8ef9988dca0d4c5c678f59fae6c79fd41cf3f0ef83b4f0cd4254
                                      • Instruction ID: 2041b9c749bfe823c148f3adeb2f8fb8e0a7ca2dd99e42ae5be7c4ea37e7ea46
                                      • Opcode Fuzzy Hash: d518ab8b22aa8ef9988dca0d4c5c678f59fae6c79fd41cf3f0ef83b4f0cd4254
                                      • Instruction Fuzzy Hash: 854162317112118FCB14EF78D8845AD77E6EF88208B0485B9D809DB799EF35CD86CBA0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 33e82dc3958a2ca4432a4b6a2abaa0d82430e1e6e735144ce867247d8d2fdc12
                                      • Instruction ID: 88e6c6d59b1bd6ce7c0cba8cc75f9440e6912557b78d65eeb9a40e40caadbe86
                                      • Opcode Fuzzy Hash: 33e82dc3958a2ca4432a4b6a2abaa0d82430e1e6e735144ce867247d8d2fdc12
                                      • Instruction Fuzzy Hash: DE3155317112118FCB14EF38D8996AD77E6EF88244B1481B9D809DB79ADF35CD86CBA0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e8079cfbc2ede2327441f8c2e1edab2b23213849cd07df698193ffc0287cbee7
                                      • Instruction ID: a7e693a89a2246a7156f826b7818c60ab9080eefbef7f8a5f0ab549e9be299a8
                                      • Opcode Fuzzy Hash: e8079cfbc2ede2327441f8c2e1edab2b23213849cd07df698193ffc0287cbee7
                                      • Instruction Fuzzy Hash: 3231A030B002059FDB14DF79D854BAEBBE2EF88614F1480A9E4099B390DF759D45CB91
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cc4e96a77d3d46d2b90b6e0b0fdf28de2be561e4c1148ccec78e6ca05acbbe5b
                                      • Instruction ID: 2e63e98d7444d628f1e287cf706d94a3b7d01dec16738050011a0a71d5535000
                                      • Opcode Fuzzy Hash: cc4e96a77d3d46d2b90b6e0b0fdf28de2be561e4c1148ccec78e6ca05acbbe5b
                                      • Instruction Fuzzy Hash: FF318E30700210CFDB14EB78F8587AD37E2EB89208B548569D419DB795EF3ADC89DB60
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ce9e5612c3f9d24fc0b4e46befbb13e168cbb1967e8e517106d0d0bc5e031bbc
                                      • Instruction ID: 55d8dc3c77c2768cd4e2351ee18acd7d21c2d93f21104d13dc2d10386b891ec1
                                      • Opcode Fuzzy Hash: ce9e5612c3f9d24fc0b4e46befbb13e168cbb1967e8e517106d0d0bc5e031bbc
                                      • Instruction Fuzzy Hash: FC210B34701310CFCB09AB38E45C66D73E3FB8934875140AAD806977A6DF7AAC96CB50
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d8dd5e8be1292098b60b90f474991a4b17a6836ef5fc3851e6bc9ac033f9bf2b
                                      • Instruction ID: 756704fa4649bed038df7005e8c03445d54aa950b1000fb998c453d2092361e9
                                      • Opcode Fuzzy Hash: d8dd5e8be1292098b60b90f474991a4b17a6836ef5fc3851e6bc9ac033f9bf2b
                                      • Instruction Fuzzy Hash: B511AF30B00260CFCB18EF79E4542AC77F2FB85258B54846DD429DB395EB39D885DB20
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4031159367.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_53f0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ca9955a9d462f46eecbfee93e95ae4b4c6c5b664f23b478ee16af16e8cfbb24b
                                      • Instruction ID: f3f3418b148e51513582975d9be23ad07d85bf604d013cd8c3fd9e6feebb7ee0
                                      • Opcode Fuzzy Hash: ca9955a9d462f46eecbfee93e95ae4b4c6c5b664f23b478ee16af16e8cfbb24b
                                      • Instruction Fuzzy Hash: 8911CCB5908341AFD350CF19D941A5BFBE4FB88664F04895EF998D7311E231E9188FA2
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 70032139281a874dec5c74178825a78e3447866ae9e0890a03fabaece9bc9a88
                                      • Instruction ID: 04631ba7bf65a26abd7a4326221ec7cf09c8812b706bf371c2f181aadc982dea
                                      • Opcode Fuzzy Hash: 70032139281a874dec5c74178825a78e3447866ae9e0890a03fabaece9bc9a88
                                      • Instruction Fuzzy Hash: 6B112B32F0024447EB10AAF998113FEBBE6DBC4628F0545F6DA48D7281EB768945C661
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4027187037.0000000002BD0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bd0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f3dd8082581ae642ea3f97107b1e448f6dd086ef830248e5f3433c39882e4d8b
                                      • Instruction ID: a1018f6eca2f26575da211757874e1b82e5fc34f55a0db41731c2eac909a414a
                                      • Opcode Fuzzy Hash: f3dd8082581ae642ea3f97107b1e448f6dd086ef830248e5f3433c39882e4d8b
                                      • Instruction Fuzzy Hash: BC11E1302082409FE715DB18D980B66FBA1EB99718F24CADDEA490B752D77BD803CA51
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5a929de7407e19df083f8b55865f6dc632fdb04e854de2ec8e060d9bc9eb6dfa
                                      • Instruction ID: 13b94a68fcdf6dd46debbf36f2f24b09bc95b5f848174dd915c3186900f284a8
                                      • Opcode Fuzzy Hash: 5a929de7407e19df083f8b55865f6dc632fdb04e854de2ec8e060d9bc9eb6dfa
                                      • Instruction Fuzzy Hash: 4601CE32E002199BDF04B6B8A8145FD7BE59F89A54B0044E5D905AB241DB29DE4ACBF0
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4027187037.0000000002BD0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bd0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d1ddf56b9f2db9b307e15c51fcde3d183b1a6177b2f718fa4078658035b49acc
                                      • Instruction ID: 41800d9604d033a6f4e87ca7b3f6da3545d582b4a5f7837f2a821498df2f7155
                                      • Opcode Fuzzy Hash: d1ddf56b9f2db9b307e15c51fcde3d183b1a6177b2f718fa4078658035b49acc
                                      • Instruction Fuzzy Hash: F4218C341093C49FD706CB24C990B65BFB1EB57218F1989DED8884B6A3D33A8806CB52
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9c8d517c421b018da8400b18c8d662500553804bae9a74134a02051e3591c3cb
                                      • Instruction ID: 8cc9deaa7db3e86f5227cd173b7967d6ef93d1452d776cfe819aa907284d6321
                                      • Opcode Fuzzy Hash: 9c8d517c421b018da8400b18c8d662500553804bae9a74134a02051e3591c3cb
                                      • Instruction Fuzzy Hash: F711C0B1E11218AFDB04DFA9E8858EEBBF9EF98214F10813AE505F3254EB345D45CB60
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025105917.000000000118A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_118a000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 48a573d3e5a8aac0435bf22dc2d3fcae483f65dd0e94a45d8bb6eb31cabb5436
                                      • Instruction ID: 523341645ddebbdd89fe78ab0d9c589610d2e2176637fab306670130e14c1ce8
                                      • Opcode Fuzzy Hash: 48a573d3e5a8aac0435bf22dc2d3fcae483f65dd0e94a45d8bb6eb31cabb5436
                                      • Instruction Fuzzy Hash: 8B11BAB5A08301AFD750CF19DC41E5BFBE8EB88660F14C91EF95997311E271E9188FA2
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7e1cbee1cd1457669819cb126f0bb162a43f09f2d1764a777f5301b8ef3181c9
                                      • Instruction ID: 4ad25dc0582e2df5df05acbfdda63ef570ea780a29cb19b03e32a596a270c399
                                      • Opcode Fuzzy Hash: 7e1cbee1cd1457669819cb126f0bb162a43f09f2d1764a777f5301b8ef3181c9
                                      • Instruction Fuzzy Hash: 58018831F01214CF8B54EF78A8081AEB7F6EB8924472040BAC40AE3350EF368E12CB90
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4027187037.0000000002BD0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bd0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6843b2c9ca9a41565db7a3ad5d61ff73932a81362568a95c53713ec98517a3e2
                                      • Instruction ID: a7a07ea2b296928e1862e222396193980f17ed93c300c54c11a549244837d48a
                                      • Opcode Fuzzy Hash: 6843b2c9ca9a41565db7a3ad5d61ff73932a81362568a95c53713ec98517a3e2
                                      • Instruction Fuzzy Hash: AA0186B65097806FD712CF15AC40862FFB8EE87630749C4DFEC498BA12E169A909C772
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bee38d6eec6cf60d04809de4ebe5a9007e89c696cc9bac5c430d907647de542b
                                      • Instruction ID: d778fd71f4cd2149b78543da49d81da21134b7900446620bb51368316376bd30
                                      • Opcode Fuzzy Hash: bee38d6eec6cf60d04809de4ebe5a9007e89c696cc9bac5c430d907647de542b
                                      • Instruction Fuzzy Hash: DE01FEA285E3C19FC303873418BA9A17F705E63025B5E81CBD4D1CB5E7E11A694AE323
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: df6eb088f210e5e057f1b21ee37e3c93541004795d94c2963046d5f3399aec76
                                      • Instruction ID: 50862667c988ccfb7baa16c8d625f0cf9839dcbdb8e171a0aadb192eb8387395
                                      • Opcode Fuzzy Hash: df6eb088f210e5e057f1b21ee37e3c93541004795d94c2963046d5f3399aec76
                                      • Instruction Fuzzy Hash: E6011A70B01354CFCB18EFB9E0585ACB7B2FF49219B548469D419DB355DB3AC885CB60
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e854226af8088d8b7a102a474f62144b2ec18b66893cf0e639ace02f95d57f73
                                      • Instruction ID: 38c02bf8c736656905dd9f9ddca006ec574e9462fb2bde720c5b96fae7d69d20
                                      • Opcode Fuzzy Hash: e854226af8088d8b7a102a474f62144b2ec18b66893cf0e639ace02f95d57f73
                                      • Instruction Fuzzy Hash: A1012970704342CBC759EB64E4585ADB7E2EF90308B50C42EE4898B359DB768859DB52
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 74b54ba63dfccfbe5369a20b18101300f980ae9a9a8f18f9431e6ba779c13450
                                      • Instruction ID: 011ef5788ddb23d36ce8b9e5e1cc7699c3c4a0eb7a87fd1bbbf2c738bcdd7b3c
                                      • Opcode Fuzzy Hash: 74b54ba63dfccfbe5369a20b18101300f980ae9a9a8f18f9431e6ba779c13450
                                      • Instruction Fuzzy Hash: 6EF09671E112489FCF44EBB888416EE7BF5EF49204F10407ED659E7241F6368A02CBD1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4027187037.0000000002BD0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bd0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7b28678c5a70949db37930264f4b3a713d3e41550259bd94b5e094c4ad160f74
                                      • Instruction ID: 2c23655aa2768bb376696a76d85dac9605ad1290c47272993bb679bf34c3932c
                                      • Opcode Fuzzy Hash: 7b28678c5a70949db37930264f4b3a713d3e41550259bd94b5e094c4ad160f74
                                      • Instruction Fuzzy Hash: B7F01D35104645DFC305CF04D540B65FBA2EB89718F24CAEDE94907752C73BD813DA81
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4027187037.0000000002BD0000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2bd0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 89bccf81aa21e8877b5b30d61104fd0500e82d5032f0a7c3d20f7b1bd156af64
                                      • Instruction ID: 023e90b2ea99726a726bae833b619e694ea67fb955ff79ca04bcc438261ff6e9
                                      • Opcode Fuzzy Hash: 89bccf81aa21e8877b5b30d61104fd0500e82d5032f0a7c3d20f7b1bd156af64
                                      • Instruction Fuzzy Hash: 13E09276A01B004F9650CF0AEC41452F7A4EB84A31B18C47FDC0D8B711E279B508CAA5
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4031159367.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_53f0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6e63904a510294885aa1cbffc8d5a7da72fb22aac743463a2ba07ab5ad208f86
                                      • Instruction ID: b67578bc14e235722a4eeab3b8c0eb072450c174b66acfc2d01b3de09dfab4ff
                                      • Opcode Fuzzy Hash: 6e63904a510294885aa1cbffc8d5a7da72fb22aac743463a2ba07ab5ad208f86
                                      • Instruction Fuzzy Hash: 08E0DFB2A007006BD2208F06AD46F63FB98DB80A31F08C56BED081B702F172B518CAF1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4031159367.00000000053F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053F0000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_53f0000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d414a67db5dc4954b532caad89e531ac55a67db1c3552664bfdc43206807b9f3
                                      • Instruction ID: b0b413afdd2d27085f42f82b70d80dec9801e16101205808e121bdd8b86e0c41
                                      • Opcode Fuzzy Hash: d414a67db5dc4954b532caad89e531ac55a67db1c3552664bfdc43206807b9f3
                                      • Instruction Fuzzy Hash: A0E0D8B29407006BD2208F06AD46F53FB58DB44A31F04C567ED081B702F172B5188AF1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4025105917.000000000118A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0118A000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_118a000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a2a06c48df0076b8b8492758baed6cae1eab4e400f18074b708dc6cd5e601b55
                                      • Instruction ID: 56735eef276901b3459bf9fd5cc30e995ffa3200fa2b113fb37ae7204e321547
                                      • Opcode Fuzzy Hash: a2a06c48df0076b8b8492758baed6cae1eab4e400f18074b708dc6cd5e601b55
                                      • Instruction Fuzzy Hash: 13E0DFB2A403046BD2208F06AC46F63FB58DB40A31F08C56BED0C5B702F172B5188AF1
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6330dabcde510fa355371e1c72d090edc983694ac821495465f344d86b206c90
                                      • Instruction ID: 555585da9883b9af6b4c5b8658b038347b137e0fe436c9c80928b3662719c64a
                                      • Opcode Fuzzy Hash: 6330dabcde510fa355371e1c72d090edc983694ac821495465f344d86b206c90
                                      • Instruction Fuzzy Hash: 0BD02B312080D14BC72E133870345983F65DBC251074401BFD95187681DE244806D351
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4026608815.0000000002B80000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B80000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_2b80000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf1671bcf49a9996886995ff56865cb3acdca396cd91b2359042517ba1b72d32
                                      • Instruction ID: e7cfce0d38a775ead0e0ccd94fe7725df41adc463f0c21183c24343b4bfb2918
                                      • Opcode Fuzzy Hash: bf1671bcf49a9996886995ff56865cb3acdca396cd91b2359042517ba1b72d32
                                      • Instruction Fuzzy Hash: DDD0A7B1D0130867C7059E71E4157AC7B78DB41615F4001EED82997281E92A5F099B50
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4024991273.0000000001172000.00000040.00000800.00020000.00000000.sdmp, Offset: 01172000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_1172000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 819712fbb686474d12dda94b5b2f31ec9833e37e1c1cd6299442853c0332d350
                                      • Instruction ID: 3f88f2c725561c72563d5427e7f6c25c68f22714a2918bba307119d6a8e0278e
                                      • Opcode Fuzzy Hash: 819712fbb686474d12dda94b5b2f31ec9833e37e1c1cd6299442853c0332d350
                                      • Instruction Fuzzy Hash: 04D05E793047D18FE31A8A1CD1A4B9A3BB4AB52704F5644F9E8018B763C769D582D200
                                      Memory Dump Source
                                      • Source File: 00000002.00000002.4024991273.0000000001172000.00000040.00000800.00020000.00000000.sdmp, Offset: 01172000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_2_2_1172000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 905c49e64c1d3a74aa5354aed7ac660b7f16a25d9354396a070f0fb94d5f127b
                                      • Instruction ID: ed38d34337717edde785ea446b37b9431822d50aa959d8411b6536c8d0c57c77
                                      • Opcode Fuzzy Hash: 905c49e64c1d3a74aa5354aed7ac660b7f16a25d9354396a070f0fb94d5f127b
                                      • Instruction Fuzzy Hash: 8CD05E342046818BD719CA0CD1D4F597BE4AB44704F0644ECAC108B762C7B5E8C6CA00

                                      Execution Graph

                                      Execution Coverage:10.8%
                                      Dynamic/Decrypted Code Coverage:100%
                                      Signature Coverage:0%
                                      Total number of Nodes:12
                                      Total number of Limit Nodes:0
                                      execution_graph 545 10aa612 548 10aa646 CreateMutexW 545->548 547 10aa6c1 548->547 549 10aa462 550 10aa486 RegSetValueExW 549->550 552 10aa507 550->552 553 10aa361 554 10aa392 RegQueryValueExW 553->554 556 10aa41b 554->556 541 10aa646 542 10aa67e CreateMutexW 541->542 544 10aa6c1 542->544

                                      Callgraph

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 2b70310-2b70334 2 2b70336-2b70338 0->2 3 2b7033e-2b70346 0->3 2->3 4 2b7034e-2b70391 3->4 5 2b70348-2b7034d 3->5 8 2b70393-2b703bb 4->8 9 2b703d8-2b703ff 4->9 14 2b703ce 8->14 15 2b7040a-2b70418 9->15 14->9 16 2b7041f-2b70434 15->16 17 2b7041a 15->17 19 2b70436-2b70460 16->19 20 2b7046b-2b70523 16->20 17->16 19->20 39 2b70525-2b70569 20->39 40 2b70570-2b70587 20->40 39->40 41 2b70880 40->41 42 2b7058d-2b705bf 40->42 42->41
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830595457.0000000002B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_2b70000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: [k^$-[k^$2dl$2dl$2dl$=[k^
                                      • API String ID: 0-3581797930
                                      • Opcode ID: 2b4f9775acc81d08b94cc467d0375e430abfaf0dfb3cb05107ba2ed02a21e808
                                      • Instruction ID: 96dcdb9592b6cc2bad0f1170848115f9caf52ce9531fc8ec8ceeafe63ec00117
                                      • Opcode Fuzzy Hash: 2b4f9775acc81d08b94cc467d0375e430abfaf0dfb3cb05107ba2ed02a21e808
                                      • Instruction Fuzzy Hash: C251E2307002018BCB18AB7998506EE77E6EF85208B5485BAE442DF795DF3EDC4A87A1

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 53 2b703bd-2b70418 61 2b7041f-2b70434 53->61 62 2b7041a 53->62 64 2b70436-2b70460 61->64 65 2b7046b-2b70523 61->65 62->61 64->65 84 2b70525-2b70569 65->84 85 2b70570-2b70587 65->85 84->85 86 2b70880 85->86 87 2b7058d-2b705bf 85->87 87->86
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830595457.0000000002B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_2b70000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: [k^$-[k^$2dl$2dl$2dl$=[k^
                                      • API String ID: 0-3581797930
                                      • Opcode ID: c2bfb7192111d298935ead34b9bf2e7ae90fd030b442c488d24c33cb8d2bb3ad
                                      • Instruction ID: d671314ac7a922189c13f3954a8285df7e561f688aef6cbe85c1bb6c686d1bbb
                                      • Opcode Fuzzy Hash: c2bfb7192111d298935ead34b9bf2e7ae90fd030b442c488d24c33cb8d2bb3ad
                                      • Instruction Fuzzy Hash: 794106307001118BDB18ABB994606FE32D7AFC5208B54447AE442EF7D5DF2ECD4A97A6

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 98 10aa612-10aa695 102 10aa69a-10aa6a3 98->102 103 10aa697 98->103 104 10aa6a8-10aa6b1 102->104 105 10aa6a5 102->105 103->102 106 10aa702-10aa707 104->106 107 10aa6b3-10aa6d7 CreateMutexW 104->107 105->104 106->107 110 10aa709-10aa70e 107->110 111 10aa6d9-10aa6ff 107->111 110->111
                                      APIs
                                      • CreateMutexW.KERNELBASE(?,?), ref: 010AA6B9
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830126567.00000000010AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AA000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10aa000_rundll32.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      • Opcode ID: 184cc85d3f3ba21fde7c671451e1f2dff635469737c90f0d7010ccae79688f72
                                      • Instruction ID: cf32d191c9d45866247236056ed1e24da1c0d31142cc85f7061f3cb3702983ef
                                      • Opcode Fuzzy Hash: 184cc85d3f3ba21fde7c671451e1f2dff635469737c90f0d7010ccae79688f72
                                      • Instruction Fuzzy Hash: 7331A175509380AFE712CB65CC45B96BFF8EF06214F08849AE9848B292D375E809CB61

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 114 10aa361-10aa3cf 117 10aa3d1 114->117 118 10aa3d4-10aa3dd 114->118 117->118 119 10aa3df 118->119 120 10aa3e2-10aa3e8 118->120 119->120 121 10aa3ea 120->121 122 10aa3ed-10aa404 120->122 121->122 124 10aa43b-10aa440 122->124 125 10aa406-10aa419 RegQueryValueExW 122->125 124->125 126 10aa41b-10aa438 125->126 127 10aa442-10aa447 125->127 127->126
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E5C,F5AD236E,00000000,00000000,00000000,00000000), ref: 010AA40C
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830126567.00000000010AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AA000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10aa000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: adb2b5a7600e67a1ecf2d8229945898e1f5f2af181635f94c86dbc5cc80208fe
                                      • Instruction ID: 91a2aab2d43fe1517a0cc344cfb548e1f4f4e1d2d966800947430870b4d7fe6b
                                      • Opcode Fuzzy Hash: adb2b5a7600e67a1ecf2d8229945898e1f5f2af181635f94c86dbc5cc80208fe
                                      • Instruction Fuzzy Hash: 42318075504740AFE722CF55CC84F92BBF8EF05614F0884DAE9858B292D364E909CB71

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 131 10aa462-10aa4c3 134 10aa4c8-10aa4d4 131->134 135 10aa4c5 131->135 136 10aa4d9-10aa4f0 134->136 137 10aa4d6 134->137 135->134 139 10aa4f2-10aa505 RegSetValueExW 136->139 140 10aa527-10aa52c 136->140 137->136 141 10aa52e-10aa533 139->141 142 10aa507-10aa524 139->142 140->139 141->142
                                      APIs
                                      • RegSetValueExW.KERNELBASE(?,00000E5C,F5AD236E,00000000,00000000,00000000,00000000), ref: 010AA4F8
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830126567.00000000010AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AA000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10aa000_rundll32.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: b1ac7ecfbc6ec8f6fc81364e1ff228835a558064c35f82fe46ad15b7bc5b343d
                                      • Instruction ID: c1efbd19abe90a47613968b3e4ce7f812e5c44d9e1a74e72a283fe8d2b37232c
                                      • Opcode Fuzzy Hash: b1ac7ecfbc6ec8f6fc81364e1ff228835a558064c35f82fe46ad15b7bc5b343d
                                      • Instruction Fuzzy Hash: C821B272104380AFDB228F55DC44FA7BFB8EF45214F08849AE985CB692D364E408C771

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 146 10aa646-10aa695 149 10aa69a-10aa6a3 146->149 150 10aa697 146->150 151 10aa6a8-10aa6b1 149->151 152 10aa6a5 149->152 150->149 153 10aa702-10aa707 151->153 154 10aa6b3-10aa6bb CreateMutexW 151->154 152->151 153->154 155 10aa6c1-10aa6d7 154->155 157 10aa709-10aa70e 155->157 158 10aa6d9-10aa6ff 155->158 157->158
                                      APIs
                                      • CreateMutexW.KERNELBASE(?,?), ref: 010AA6B9
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830126567.00000000010AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AA000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10aa000_rundll32.jbxd
                                      Similarity
                                      • API ID: CreateMutex
                                      • String ID:
                                      • API String ID: 1964310414-0
                                      • Opcode ID: 1068f8c3d34c9d446c467ae3a9fa8f9be05d63774efe404007b8e98e332c4ab3
                                      • Instruction ID: cd5e0773c21ea8b0aabc0d32ab74d19aee67e35743d8e4adeaa8540a2b43bee1
                                      • Opcode Fuzzy Hash: 1068f8c3d34c9d446c467ae3a9fa8f9be05d63774efe404007b8e98e332c4ab3
                                      • Instruction Fuzzy Hash: 4B218375600200AFEB20CF65DD45FAAFBE8EF48214F0488AAE9458B781D775E409CA71

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 161 10aa392-10aa3cf 163 10aa3d1 161->163 164 10aa3d4-10aa3dd 161->164 163->164 165 10aa3df 164->165 166 10aa3e2-10aa3e8 164->166 165->166 167 10aa3ea 166->167 168 10aa3ed-10aa404 166->168 167->168 170 10aa43b-10aa440 168->170 171 10aa406-10aa419 RegQueryValueExW 168->171 170->171 172 10aa41b-10aa438 171->172 173 10aa442-10aa447 171->173 173->172
                                      APIs
                                      • RegQueryValueExW.KERNELBASE(?,00000E5C,F5AD236E,00000000,00000000,00000000,00000000), ref: 010AA40C
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830126567.00000000010AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AA000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10aa000_rundll32.jbxd
                                      Similarity
                                      • API ID: QueryValue
                                      • String ID:
                                      • API String ID: 3660427363-0
                                      • Opcode ID: a9b2568673d6bbf13bc9e76f236f9af3b1ab717325cf3d5ae7b5924ded6661a4
                                      • Instruction ID: 458813a289121066510f8b6c5f3ff9290d8ed8e51f31b10bbc41851edf3843a7
                                      • Opcode Fuzzy Hash: a9b2568673d6bbf13bc9e76f236f9af3b1ab717325cf3d5ae7b5924ded6661a4
                                      • Instruction Fuzzy Hash: A2218E76600604AFEB21CF55DC84FA6F7ECEF44714F04C49AE9858B691D764E809CA71

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 177 10aa486-10aa4c3 179 10aa4c8-10aa4d4 177->179 180 10aa4c5 177->180 181 10aa4d9-10aa4f0 179->181 182 10aa4d6 179->182 180->179 184 10aa4f2-10aa505 RegSetValueExW 181->184 185 10aa527-10aa52c 181->185 182->181 186 10aa52e-10aa533 184->186 187 10aa507-10aa524 184->187 185->184 186->187
                                      APIs
                                      • RegSetValueExW.KERNELBASE(?,00000E5C,F5AD236E,00000000,00000000,00000000,00000000), ref: 010AA4F8
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830126567.00000000010AA000.00000040.00000800.00020000.00000000.sdmp, Offset: 010AA000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10aa000_rundll32.jbxd
                                      Similarity
                                      • API ID: Value
                                      • String ID:
                                      • API String ID: 3702945584-0
                                      • Opcode ID: 88603c362c317990486d4ee09dc5eee31e39b66ea956b54861c196d2dc9ba8e6
                                      • Instruction ID: 1a7a74d3cf3438f60a3c96512d39d1028ab4e89607f100d9aae8f9614cc3e1b5
                                      • Opcode Fuzzy Hash: 88603c362c317990486d4ee09dc5eee31e39b66ea956b54861c196d2dc9ba8e6
                                      • Instruction Fuzzy Hash: 3911B176600600AFEB218F55DC44FA6FBECEF04714F04845AED858B782D770E408CA71

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 191 2b70080-2b700ad 194 2b700b8-2b702f9 191->194
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830595457.0000000002B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_2b70000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 751c788564a8746ffed8676675bd8446b6c531b63e0aac21ed23e337cc6d8fd4
                                      • Instruction ID: 41997f05f9e67cb74ff2c5152bae39730ea33639eb2a0156fee464449855dd95
                                      • Opcode Fuzzy Hash: 751c788564a8746ffed8676675bd8446b6c531b63e0aac21ed23e337cc6d8fd4
                                      • Instruction Fuzzy Hash: 6D510A30216242CBC718DF74F4949CA7BB2EB84208340857DE8449F66AEF3D6D4EDB91

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 232 2b70006-2b70076
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830595457.0000000002B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B70000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_2b70000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4d374947b4f0ef118d2593a8771a02716dedebb50c5c74aa0a0637c39b119ddb
                                      • Instruction ID: dcaac9848a78db1779512f46250ce5f78214d3658a014131f5c0ff4d73236de4
                                      • Opcode Fuzzy Hash: 4d374947b4f0ef118d2593a8771a02716dedebb50c5c74aa0a0637c39b119ddb
                                      • Instruction Fuzzy Hash: 7101406155E3C18FC7138B7488A59913FB1AE2311439F05CBC4D1CF1B3E56C696AD722

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 233 2b905df-2b90603 234 2b90606-2b90620 233->234 235 2b90626-2b90643 234->235
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830633321.0000000002B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_2b90000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f1c2d821f06c9b853d61f37fb261b433064c6fe308b78159ca4c020b8ffab634
                                      • Instruction ID: efeead0777ffde8bc2ed997ee5508e90b91f496e95ae01262132a81330cc0477
                                      • Opcode Fuzzy Hash: f1c2d821f06c9b853d61f37fb261b433064c6fe308b78159ca4c020b8ffab634
                                      • Instruction Fuzzy Hash: 3501D67650E7846FD7128F15AC40862FFB8EF86620708C49FEC498B612D129A808C772

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 236 2b90606-2b90620 237 2b90626-2b90643 236->237
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830633321.0000000002B90000.00000040.00000020.00020000.00000000.sdmp, Offset: 02B90000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_2b90000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cc42e9f625455ec8d67f2c9120a2b495be8abfd3b95826f4f2d5b3d991561250
                                      • Instruction ID: 93fdbdc3e6c21516bc9c8586124af4caa15c0522205434a7f85249cd5a5bf924
                                      • Opcode Fuzzy Hash: cc42e9f625455ec8d67f2c9120a2b495be8abfd3b95826f4f2d5b3d991561250
                                      • Instruction Fuzzy Hash: 18E09276605A044B9650CF0AEC41852F7A8EB84A31718C47FDC0D8B701D279B508CBA5

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 238 10a23f4-10a23ff 239 10a2412-10a2417 238->239 240 10a2401-10a240e 238->240 241 10a241a 239->241 242 10a2419 239->242 240->239 243 10a2420-10a2421 241->243
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830107204.00000000010A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A2000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10a2000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 30cf70ed3ed352bfe91a1b6324519dab0c5c420e2422e66f68857ff81e019761
                                      • Instruction ID: e0e881b66fd3c5db9574b4b4d16ab49cdbe33ce85aab37b9684df656ea21e1c3
                                      • Opcode Fuzzy Hash: 30cf70ed3ed352bfe91a1b6324519dab0c5c420e2422e66f68857ff81e019761
                                      • Instruction Fuzzy Hash: 37D05E792047D18FE31A8A1CD1A4B9A3BE4AB52704F8644F9E8408B763CB69D5D1D200

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 244 10a23bc-10a23c3 245 10a23d6-10a23db 244->245 246 10a23c5-10a23d2 244->246 247 10a23dd-10a23e0 245->247 248 10a23e1 245->248 246->245 249 10a23e7-10a23e8 248->249
                                      Memory Dump Source
                                      • Source File: 00000006.00000002.1830107204.00000000010A2000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A2000, based on PE: false
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_6_2_10a2000_rundll32.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd3a8c1068dedc76d77ba60156718593c5916e42649cf97420a00304aa04389d
                                      • Instruction ID: b9175f8511454e932e2a9f5b470ca426db64437534731e1dfebd2f1187177b7b
                                      • Opcode Fuzzy Hash: bd3a8c1068dedc76d77ba60156718593c5916e42649cf97420a00304aa04389d
                                      • Instruction Fuzzy Hash: 6AD05E352002818BDB15CA0CD1D4F597BD4AB41704F0684F8AC508B762C7B9E8C5CA00