Edit tour

Windows Analysis Report
Fast Download.exe

Overview

General Information

Sample name:	Fast Download.exe
Analysis ID:	1575633
MD5:	97d80681daef809909ac1b1e3b9898ba
SHA1:	f0ecc4ef701ea6ff61290f6fd4407049cd904e60
SHA256:	345d5d2759abd08a84c4c2e2a337a1babd02b5eda3921db1b83eb5d5f5ccc011
Tags:	exeNjRATuser-lontze7
Infos:

Detection

Njrat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Njrat

.NET source code contains potential unpacker

AI detected suspicious sample

Disables zone checking for all users

Machine Learning detection for sample

Uses cmd line tools excessively to alter registry or file data

Allocates memory with a write watch (potentially for evading sandboxes)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

Fast Download.exe (PID: 7752 cmdline: "C:\Users\user\Desktop\Fast Download.exe" MD5: 97D80681DAEF809909AC1B1E3B9898BA)

attrib.exe (PID: 7956 cmdline: attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)

conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

attrib.exe (PID: 7964 cmdline: attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe" MD5: 0E938DD280E83B1596EC6AA48729C2B0)

conhost.exe (PID: 7984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "late-lil.at.ply.gg", "Port": "35022", "Registry Value": "Windows", "Auto Run": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "Crash", "Network Seprator": "|-F-|", "Install Dir": "TEMP", "Install Name": "Payload.exe", "Version": "v2.0"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Fast Download.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Fast Download.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x4c2e:$a1: get_Registry 0x5ac4:$a2: SEE_MASK_NOZONECHECKS 0x5c9f:$a4: cmd.exe /c ping 0 -n 2 & del " 0x5c3f:$a5: netsh firewall delete allowedprogram " 0x5bbd:$a6: [+] System :
Fast Download.exe	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x5c9f:$x1: cmd.exe /c ping 0 -n 2 & del " 0x58de:$s3: Executed As 0x4305:$s5: Stub.exe
Fast Download.exe	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x5ac4:$reg: SEE_MASK_NOZONECHECKS 0x58b6:$msg: Execute ERROR 0x58f8:$msg: Execute ERROR 0x5c9f:$ping: cmd.exe /c ping 0 -n 2 & del
Fast Download.exe	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x5602:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Fast Download.exe	INDICATOR_SUSPICIOUS_EXE_attrib	Detects executables using attrib with suspicious attributes attributes	ditekSHen	0x5a98:$s1: attrib +h +r +s
Fast Download.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x5c3f:$s1: netsh firewall delete allowedprogram 0x5c9f:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x58b6:$s4: Execute ERROR 0x58f8:$s4: Execute ERROR 0x5c19:$s7: UploadValues
Click to see the 2 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x4a2e:$a1: get_Registry 0x58c4:$a2: SEE_MASK_NOZONECHECKS 0x5a9f:$a4: cmd.exe /c ping 0 -n 2 & del " 0x5a3f:$a5: netsh firewall delete allowedprogram " 0x59bd:$a6: [+] System :
00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x58c4:$reg: SEE_MASK_NOZONECHECKS 0x56b6:$msg: Execute ERROR 0x56f8:$msg: Execute ERROR 0x5a9f:$ping: cmd.exe /c ping 0 -n 2 & del
00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x5402:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
00000000.00000002.3756289646.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xec8:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Process Memory Space: Fast Download.exe PID: 7752	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: Fast Download.exe PID: 7752	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0xbb69:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM 0x13de1:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.Fast Download.exe.5a0000.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
0.0.Fast Download.exe.5a0000.0.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x4c2e:$a1: get_Registry 0x5ac4:$a2: SEE_MASK_NOZONECHECKS 0x5c9f:$a4: cmd.exe /c ping 0 -n 2 & del " 0x5c3f:$a5: netsh firewall delete allowedprogram " 0x5bbd:$a6: [+] System :
0.0.Fast Download.exe.5a0000.0.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x5c9f:$x1: cmd.exe /c ping 0 -n 2 & del " 0x58de:$s3: Executed As 0x4305:$s5: Stub.exe
0.0.Fast Download.exe.5a0000.0.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x5ac4:$reg: SEE_MASK_NOZONECHECKS 0x58b6:$msg: Execute ERROR 0x58f8:$msg: Execute ERROR 0x5c9f:$ping: cmd.exe /c ping 0 -n 2 & del
0.0.Fast Download.exe.5a0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse	Detects file containing reversed ASEP Autorun registry keys	ditekSHen	0x5602:$s1: nuR\noisreVtnerruC\swodniW\tfosorciM
0.0.Fast Download.exe.5a0000.0.unpack	INDICATOR_SUSPICIOUS_EXE_attrib	Detects executables using attrib with suspicious attributes attributes	ditekSHen	0x5a98:$s1: attrib +h +r +s
0.0.Fast Download.exe.5a0000.0.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x5c3f:$s1: netsh firewall delete allowedprogram 0x5c9f:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x58b6:$s4: Execute ERROR 0x58f8:$s4: Execute ERROR 0x5c19:$s7: UploadValues
Click to see the 2 entries

Sigma Signatures

System Summary

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\Fast Download.exe, ProcessId: 7752, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

Suricata Signatures

ET MALWARE Bladabindi/njRAT CnC Command (ll)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:29:47.764440+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:30:11.691550+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:35.705640+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:59.742964+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:23.787950+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:47.841943+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:11.887344+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:35.947756+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:33:00.046436+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:24.065571+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:29:47.764440+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:30:11.691550+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:35.705640+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:59.742964+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:23.787950+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:47.841943+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:11.887344+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:35.947756+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:33:00.046436+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:24.065571+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP

ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:29:52.881906+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:30:16.972016+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:36.234946+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:42.393653+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:42.674946+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:43.893723+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:44.018620+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:44.632028+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:46.552201+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:46.802082+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:46.921925+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:49.220931+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:51.593117+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:51.821014+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:52.760325+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:54.900896+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:55.836886+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:31:02.667501+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:02.787422+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:06.241064+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:06.957171+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:07.189053+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:07.425922+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:07.661200+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:08.143590+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:09.578417+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:10.281260+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:11.017887+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:11.253038+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:11.988382+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:12.225191+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:14.157286+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:14.649058+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:15.129249+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:15.365074+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:16.078369+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:17.065078+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:17.805051+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:19.165051+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:25.911285+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:29.361154+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:31.005178+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:33.357080+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:34.540409+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:34.997183+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:35.229481+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:37.364309+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:39.050340+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:40.017363+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:40.265246+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:42.621397+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:44.750235+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:49.061029+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:51.992359+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:53.237322+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:54.414524+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:55.145844+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:57.041384+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:58.521355+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:59.233382+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:59.713324+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:01.433317+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:01.917393+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:03.609593+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:05.089326+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:09.646397+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:12.250765+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:12.944147+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:22.765470+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:23.477408+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:23.717597+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:26.869543+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:28.548349+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:30.141604+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:32.886099+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:38.749598+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:38.870518+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:38.991468+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:39.113248+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:39.233088+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:39.821774+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:40.067067+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:42.975430+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:48.269593+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:49.221528+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:53.720324+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:54.206087+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:55.153709+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:55.871260+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:56.693642+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:57.349759+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:33:02.100898+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:02.220964+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:03.517647+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:03.762457+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:03.882617+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:04.006499+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.021766+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.405116+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.525918+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.888394+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:10.965676+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:13.734512+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:15.601748+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:19.364435+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:29.088362+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:30.217775+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:33.421820+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:34.993855+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:35.473856+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:35.697870+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.10	49983	147.185.221.229	35022	TCP

ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:29:47.884362+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:30:11.811439+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:35.825744+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP

ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:29:47.884362+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:30:11.811439+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:35.825744+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.10	49852	147.185.221.229	35022	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: Fast Download.exe

Avira: detected

Found malware configuration

Source: 0.0.Fast Download.exe.5a0000.0.unpack

Malware Configuration Extractor: Njrat {"Host": "late-lil.at.ply.gg", "Port": "35022", "Registry Value": "Windows", "Auto Run": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Campaign ID": "Crash", "Network Seprator": "|-F-|", "Install Dir": "TEMP", "Install Name": "Payload.exe", "Version": "v2.0"}

Multi AV Scanner detection for submitted file

Source: Fast Download.exe	Virustotal: Detection: 81%			Perma Link
Source: Fast Download.exe	ReversingLabs: Detection: 84%

Yara detected Njrat

Source: Yara match	File source: Fast Download.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Fast Download.exe PID: 7752, type: MEMORYSTR

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.6% probability

Machine Learning detection for sample

Source: Fast Download.exe

Joe Sandbox ML: detected

Source: Fast Download.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\Fast Download.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: Fast Download.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49735 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49735 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49795 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49795 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49795 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49795 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49795 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49735 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49735 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49735 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49852 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49852 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.10:49852 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.10:49852 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49852 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49908 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49908 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49908 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49980 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49980 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49979 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49979 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49980 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49979 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49981 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49981 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49969 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49969 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49981 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49969 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49983 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49983 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.10:49982 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.10:49982 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49982 -> 147.185.221.229:35022
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.10:49983 -> 147.185.221.229:35022

Source: global traffic

TCP traffic: 192.168.2.10:49735 -> 147.185.221.229:35022

Source: Joe Sandbox View

ASN Name: SALSGIVERUS SALSGIVERUS

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: late-lil.at.ply.gg

Source: Fast Download.exe

String found in binary or memory: https://gg.ylp.ta.lil-etal

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: Fast Download.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Fast Download.exe PID: 7752, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: Fast Download.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: Fast Download.exe, type: SAMPLE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: Fast Download.exe, type: SAMPLE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: Fast Download.exe, type: SAMPLE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Fast Download.exe, type: SAMPLE	Matched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
Source: Fast Download.exe, type: SAMPLE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables using attrib with suspicious attributes attributes Author: ditekSHen
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: 00000000.00000002.3756289646.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen
Source: Process Memory Space: Fast Download.exe PID: 7752, type: MEMORYSTR	Matched rule: Detects file containing reversed ASEP Autorun registry keys Author: ditekSHen

Source: C:\Users\user\Desktop\Fast Download.exe	Code function: 0_2_01160370		0_2_01160370
Source: C:\Users\user\Desktop\Fast Download.exe	Code function: 0_2_01160360		0_2_01160360

Source: Fast Download.exe, 00000000.00000002.3755152265.0000000000C5E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamemscorwks.dllT vs Fast Download.exe

Source: Fast Download.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Fast Download.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: Fast Download.exe, type: SAMPLE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Fast Download.exe, type: SAMPLE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: Fast Download.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Fast Download.exe, type: SAMPLE	Matched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
Source: Fast Download.exe, type: SAMPLE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_attrib author = ditekSHen, description = Detects executables using attrib with suspicious attributes attributes
Source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: 00000000.00000002.3756289646.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys
Source: Process Memory Space: Fast Download.exe PID: 7752, type: MEMORYSTR	Matched rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse author = ditekSHen, description = Detects file containing reversed ASEP Autorun registry keys

Source: classification engine

Classification label: mal100.phis.troj.evad.winEXE@7/2@1/1

Source: C:\Users\user\Desktop\Fast Download.exe	Code function: 0_2_0566280E AdjustTokenPrivileges,		0_2_0566280E
Source: C:\Users\user\Desktop\Fast Download.exe	Code function: 0_2_056627D7 AdjustTokenPrivileges,		0_2_056627D7

Source: C:\Users\user\Desktop\Fast Download.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
Source: C:\Users\user\Desktop\Fast Download.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03
Source: C:\Users\user\Desktop\Fast Download.exe	Mutant created: \Sessions\1\BaseNamedObjects\Windows

Source: Fast Download.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: Fast Download.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\Fast Download.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Fast Download.exe	Virustotal: Detection: 81%
Source: Fast Download.exe	ReversingLabs: Detection: 84%

Source: unknown	Process created: C:\Users\user\Desktop\Fast Download.exe "C:\Users\user\Desktop\Fast Download.exe"
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
Source: C:\Windows\SysWOW64\attrib.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\attrib.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: C:\Windows\SysWOW64\attrib.exe attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\attrib.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\attrib.exe	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\attrib.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\attrib.exe	Section loaded: fsutilext.dll	Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: Fast Download.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\Fast Download.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: Fast Download.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: Fast Download.exe, L.cs

.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\Fast Download.exe	Code function: 0_2_05700773 push 69E7C360h; ret		0_2_0570078A
Source: C:\Users\user\Desktop\Fast Download.exe	Code function: 0_2_0570064F push 69E7C310h; ret		0_2_05700666

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Users\user\Desktop\Fast Download.exe	Process created: attrib.exe
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: attrib.exe
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: attrib.exe	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process created: attrib.exe	Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe	Memory allocated: C40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Memory allocated: 2CE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Memory allocated: 1060000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe	Window / User API: threadDelayed 900	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Window / User API: threadDelayed 9087	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Window / User API: foregroundWindowGot 1772	Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe TID: 7756	Thread sleep count: 900 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe TID: 7756	Thread sleep time: -900000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe TID: 7756	Thread sleep count: 9087 > 30	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe TID: 7756	Thread sleep time: -9087000s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior

Source: Fast Download.exe, 00000000.00000002.3755152265.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWrter, system.w
Source: Fast Download.exe, 00000000.00000002.3755152265.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
Source: Fast Download.exe, 00000000.00000002.3755152265.0000000000CEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\P\

Source: C:\Users\user\Desktop\Fast Download.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\Fast Download.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: Fast Download.exe, 00000000.00000002.3756289646.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: Fast Download.exe, 00000000.00000002.3756289646.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9_l

Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Fast Download.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables zone checking for all users

Source: C:\Users\user\Desktop\Fast Download.exe

Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS

Jump to behavior

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: Fast Download.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Fast Download.exe PID: 7752, type: MEMORYSTR

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: Fast Download.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Fast Download.exe.5a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Fast Download.exe PID: 7752, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Command and Scripting Interpreter	2 Registry Run Keys / Startup Folder	1 Access Token Manipulation	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	2 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	2 Registry Run Keys / Startup Folder	11 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Process Injection	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Obfuscated Files or Information	Cached Domain Credentials	11 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Fast Download.exe	82%	Virustotal		Browse
Fast Download.exe	84%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
Fast Download.exe	100%	Avira	TR/Dropper.Gen7
Fast Download.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
https://gg.ylp.ta.lil-etal	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true	false		high
late-lil.at.ply.gg	147.185.221.229	true	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://gg.ylp.ta.lil-etal	Fast Download.exe	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
147.185.221.229	late-lil.at.ply.gg	United States		12087	SALSGIVERUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575633
Start date and time:	2024-12-16 07:28:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Fast Download.exe
Detection:	MAL
Classification:	mal100.phis.troj.evad.winEXE@7/2@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 84 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:30:12	API Interceptor	1123980x Sleep call for process: Fast Download.exe modified
07:29:34	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
147.185.221.229	cheker.exe	Get hash	malicious	Orcus	Browse
147.185.221.229	CheatsCheker.exe	Get hash	malicious	Orcus	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s-part-0035.t-0009.t-msedge.net	Client.exe	Get hash	malicious	AsyncRAT	Browse	13.107.246.63
	backd00rhome.exe	Get hash	malicious	Metasploit	Browse	13.107.246.63
	fern_wifi_recon%2.34.exe	Get hash	malicious	Metasploit	Browse	13.107.246.63
	CrSpoofer.exe	Get hash	malicious	AsyncRAT	Browse	13.107.246.63
	ImageMso.Gallery.xll	Get hash	malicious	Unknown	Browse	13.107.246.63
	iAERhkhaZC.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	I37faEaz1K.exe	Get hash	malicious	LummaC	Browse	13.107.246.63
	6eftz6UKDm.exe	Get hash	malicious	Credential Flusher	Browse	13.107.246.63
	Adver Ransomware.exe	Get hash	malicious	Unknown	Browse	13.107.246.63
	Starcat Ransomware 32bit.exe	Get hash	malicious	Starcat	Browse	13.107.246.63

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SALSGIVERUS	Server1.exe	Get hash	malicious	Njrat	Browse	147.185.221.17
	njSilent.exe	Get hash	malicious	Njrat	Browse	147.185.221.19
	Minet.exe	Get hash	malicious	Njrat	Browse	147.185.221.22
	Discordd.exe	Get hash	malicious	AsyncRAT	Browse	147.185.221.18
	Discord2.exe	Get hash	malicious	AsyncRAT	Browse	147.185.221.18
	Discord3.exe	Get hash	malicious	AsyncRAT	Browse	147.185.221.18
	Loader.exe	Get hash	malicious	AsyncRAT	Browse	147.185.221.20
	72OWK7wBVH.exe	Get hash	malicious	XWorm	Browse	147.185.221.24
	aZDwfEKorn.exe	Get hash	malicious	XWorm	Browse	147.185.221.24
	HdTSntLSMB.exe	Get hash	malicious	XWorm	Browse	147.185.221.24

Process:	C:\Users\user\Desktop\Fast Download.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	1232
Entropy (8bit):	2.888801358734272
Encrypted:	false
SSDEEP:	24:8q2CzKgWLgD4/BOmRC87q8MHBJrXE+1sd04qy:8RgDsvRC87tMhJrR1y
MD5:	28D0C8271344646A4430F6C4B9AD1F6A
SHA1:	67B7D902FD587413552A9BFCB908C754BD127B43
SHA-256:	E1C8E50710A323345A1BBAAFC982B91C573A1404DB5E71C71D65E4117808E75C
SHA-512:	446DC44DF95C69B571112BF35E0A0D11E7994565766E676235CA3CFD27501688B1C759DAF616B5908AA107A649699EB6F40D24237075FBB512C144E428C391F7
Malicious:	false
Reputation:	low
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.....Z.1...........Programs..B............................................P.r.o.g.r.a.m.s.....V.1...........Startup.@............................................S.t.a.r.t.u.p.....b.2...........Windows.exe.H............................................W.i.n.d.o.w.s...e.x.e....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk

Download File

Process:	C:\Users\user\Desktop\Fast Download.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	1052
Entropy (8bit):	2.9330746486067603
Encrypted:	false
SSDEEP:	12:8gl02sXyllEzKg/tz0/CSLwrHj4/3BVwzyDilVBJrXE+1gwbNfB94t2YZ/elFlS0:8d2CzKgWLgD4/BUBJrXE+1NJpqy
MD5:	75CC3C81702869BE4A7EB0FA719E201F
SHA1:	A9551815F38C52EBD27DCBA455B17AAA1D33E746
SHA-256:	CF74A8C383E45F7467390A810E076932CB85AC9C6DEA951C6AE0958E4BAFC05D
SHA-512:	318D96B6B4DF93C201E4F100313DEB2B2A7D93B4EC2829BCE670F055ACAE8C507217176938B2FABE2B632744B7FC1E1449473C06A9FF5E8981E3A512E7BBE538
Malicious:	false
Reputation:	low
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....\.1...........Templates.D............................................T.e.m.p.l.a.t.e.s.....b.2...........Windows.exe.H............................................W.i.n.d.o.w.s...e.x.e...........\.W.i.n.d.o.w.s...e.x.e.............w.............>.e.L.:..er.=w...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.583188702280738
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	Fast Download.exe
File size:	27'648 bytes
MD5:	97d80681daef809909ac1b1e3b9898ba
SHA1:	f0ecc4ef701ea6ff61290f6fd4407049cd904e60
SHA256:	345d5d2759abd08a84c4c2e2a337a1babd02b5eda3921db1b83eb5d5f5ccc011
SHA512:	f90bb8868612f5bc52c07cf90c4e62daf47ba3a3418fae3a82030bff449d62cd83ce185b22fdae632abdb661c8e3a725cc5fa5c44e47ca34f9ccbda6fafd21da
SSDEEP:	384:YL1q6J1G4APO7l0j8YCYPPdR9MZAQk93vmhm7UMKmIEecKdbXTzm9bVhcaW6mr6s:mccEY6AZA/vMHTi9bD
TLSH:	2DC2F82D37B68232D1EE067E9562EA5043B5D04BF633FB0E4CD954DD4B1B38A0A41EE4
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r.c.................d..........~.... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40837e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x63E472FC [Thu Feb 9 04:13:48 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8328	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa000	0x240	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x6384	0x6400	d88204e814d8dfe59e4daf621c442751	False	0.4735546875	data	5.6289662693846205	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xa000	0x240	0x400	5b346ed223699f15252c1fdad182859f	False	0.3134765625	data	4.968771659524424	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xc000	0xc	0x200	d9f8966941971e46f1f81f427591a2e8	False	0.044921875	data	0.07763316234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0xa058	0x1e7	XML 1.0 document, ASCII text, with CRLF line terminators			0.5338809034907598

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-16T07:29:47.764440+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:29:47.764440+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:29:47.884362+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:29:47.884362+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:29:52.881906+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49735	147.185.221.229	35022	TCP
2024-12-16T07:30:11.691550+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:11.691550+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:11.811439+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:11.811439+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:16.972016+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49795	147.185.221.229	35022	TCP
2024-12-16T07:30:35.705640+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:35.705640+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:35.825744+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:35.825744+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:36.234946+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:42.393653+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:42.674946+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:43.893723+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:44.018620+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:44.632028+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:46.552201+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:46.802082+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:46.921925+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:49.220931+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:51.593117+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:51.821014+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:52.760325+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:54.900896+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:55.836886+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49852	147.185.221.229	35022	TCP
2024-12-16T07:30:59.742964+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:30:59.742964+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:02.667501+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:02.787422+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:06.241064+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:06.957171+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:07.189053+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:07.425922+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:07.661200+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:08.143590+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:09.578417+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:10.281260+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:11.017887+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:11.253038+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:11.988382+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:12.225191+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:14.157286+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:14.649058+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:15.129249+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:15.365074+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:16.078369+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:17.065078+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:17.805051+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:19.165051+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49908	147.185.221.229	35022	TCP
2024-12-16T07:31:23.787950+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:23.787950+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:25.911285+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:29.361154+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:31.005178+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:33.357080+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:34.540409+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:34.997183+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:35.229481+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:37.364309+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:39.050340+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:40.017363+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:40.265246+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:42.621397+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:44.750235+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49969	147.185.221.229	35022	TCP
2024-12-16T07:31:47.841943+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:47.841943+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:49.061029+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:51.992359+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:53.237322+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:54.414524+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:55.145844+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:57.041384+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:58.521355+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:59.233382+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:31:59.713324+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:01.433317+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:01.917393+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:03.609593+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:05.089326+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:09.646397+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49979	147.185.221.229	35022	TCP
2024-12-16T07:32:11.887344+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:11.887344+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:12.250765+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:12.944147+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:22.765470+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:23.477408+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:23.717597+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:26.869543+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:28.548349+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:30.141604+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:32.886099+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49980	147.185.221.229	35022	TCP
2024-12-16T07:32:35.947756+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:35.947756+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:38.749598+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:38.870518+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:38.991468+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:39.113248+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:39.233088+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:39.821774+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:40.067067+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:42.975430+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:48.269593+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:49.221528+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:53.720324+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:54.206087+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:55.153709+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:55.871260+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:56.693642+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:32:57.349759+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49981	147.185.221.229	35022	TCP
2024-12-16T07:33:00.046436+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:00.046436+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:02.100898+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:02.220964+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:03.517647+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:03.762457+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:03.882617+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:04.006499+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.021766+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.405116+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.525918+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:05.888394+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:10.965676+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:13.734512+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:15.601748+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:19.364435+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49982	147.185.221.229	35022	TCP
2024-12-16T07:33:24.065571+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:24.065571+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:29.088362+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:30.217775+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:33.421820+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:34.993855+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:35.473856+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49983	147.185.221.229	35022	TCP
2024-12-16T07:33:35.697870+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.10	49983	147.185.221.229	35022	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 07:29:47.532463074 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:29:47.652254105 CET	35022	49735	147.185.221.229	192.168.2.10
Dec 16, 2024 07:29:47.652359962 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:29:47.764440060 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:29:47.884212017 CET	35022	49735	147.185.221.229	192.168.2.10
Dec 16, 2024 07:29:47.884361982 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:29:48.004115105 CET	35022	49735	147.185.221.229	192.168.2.10
Dec 16, 2024 07:29:52.881906033 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:29:53.001622915 CET	35022	49735	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:09.554671049 CET	35022	49735	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:09.554759026 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:11.566200018 CET	49735	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:11.567800045 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:11.686060905 CET	35022	49735	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:11.687603951 CET	35022	49795	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:11.687724113 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:11.691550016 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:11.811304092 CET	35022	49795	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:11.811439037 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:11.931415081 CET	35022	49795	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:16.972016096 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:17.091825962 CET	35022	49795	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:33.571950912 CET	35022	49795	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:33.572032928 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:35.580892086 CET	49795	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:35.582067013 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:35.700691938 CET	35022	49795	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:35.701771975 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:35.701894045 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:35.705640078 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:35.825432062 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:35.825743914 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:35.945528984 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:36.234946012 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:36.356060028 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:42.393652916 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:42.513415098 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:42.674946070 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:42.794972897 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:43.893723011 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:44.013772011 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:44.018620014 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:44.138401985 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:44.632028103 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:44.752397060 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:44.752655983 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:44.872559071 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:44.872788906 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:44.992619991 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:44.992743015 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.112545013 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.112648964 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.232572079 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.232762098 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.352556944 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.352720022 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.472645044 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.472776890 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.592698097 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.592865944 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.712652922 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.712820053 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.832643986 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.832814932 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:45.952594995 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:45.952743053 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.072516918 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.072690010 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.192425966 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.192526102 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.312278032 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.312489033 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.432257891 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.432351112 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.552100897 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.552201033 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.672024965 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.802082062 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:46.921796083 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:46.921925068 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.041724920 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.041841984 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.161560059 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.161627054 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.281336069 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.281404018 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.401230097 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.401302099 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.521095991 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.521169901 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.640966892 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.641088009 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.760885954 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.760960102 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:47.880754948 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:47.880892038 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.000730991 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.000854969 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.120912075 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.121004105 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.241076946 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.242306948 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.370307922 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.371387005 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.532798052 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.536293983 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.736777067 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.736869097 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:48.976761103 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:48.976890087 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:49.213308096 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:49.220798969 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:49.220931053 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:49.456865072 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:49.457035065 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:49.704741955 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:49.704876900 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:49.944777012 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:49.944909096 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:50.186880112 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:50.186965942 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:50.428730965 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:50.428826094 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:50.642751932 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:50.668865919 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:50.669003010 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:50.858283043 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:50.887473106 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:50.887610912 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:51.101239920 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:51.101361990 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:51.348865986 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:51.349041939 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:51.580590963 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:51.592874050 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:51.593116999 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:51.806210995 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:51.820867062 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:51.821013927 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:52.052840948 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:52.053010941 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:52.267069101 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:52.297000885 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:52.299732924 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:52.509021997 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:52.512336969 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:52.756778002 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:52.760324955 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:53.004941940 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:53.008342981 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:53.248842001 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:53.248920918 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:53.492796898 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:53.492881060 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:53.727430105 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:53.732867002 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:53.940505028 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:53.968826056 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:53.968914986 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:54.184937954 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:54.185127020 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:54.414093018 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:54.428853035 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:54.432339907 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:54.657531977 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:54.660969973 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:54.887852907 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:54.900791883 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:54.900896072 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:55.110505104 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:55.129174948 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:55.129370928 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:55.352797031 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:55.352947950 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:55.592830896 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:55.592956066 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:55.836812019 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:55.836885929 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:56.076824903 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:56.076977968 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:56.320822001 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:56.320911884 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:56.560796976 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:56.560873032 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:56.800908089 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:56.801033974 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:56.985711098 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:57.044833899 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:57.045031071 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:57.228816986 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:57.230385065 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:57.436567068 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:57.476862907 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:57.478534937 CET	49852	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:57.602984905 CET	35022	49852	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:59.617337942 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:59.737838984 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:59.738964081 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:59.742964029 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:59.862696886 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:59.866992950 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:30:59.986845016 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:30:59.988411903 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.108609915 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.112307072 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.232137918 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.232217073 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.352045059 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.352360964 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.472176075 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.472349882 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.592097044 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.592310905 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.712138891 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.712255001 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.832134962 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.832300901 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:00.952131987 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:00.953082085 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.106148958 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.106309891 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.329310894 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.351145029 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.352330923 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.449465990 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.449525118 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.449826956 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.472275972 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.476324081 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.569474936 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.572629929 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.596095085 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.596273899 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.692461967 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.696331978 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.716171026 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.716576099 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.816284895 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.816409111 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.836278915 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.838671923 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.936389923 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.940560102 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:01.958492994 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:01.960300922 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.060374975 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.065917969 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.080102921 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.081844091 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.185676098 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.185781956 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.202086926 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.202266932 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.305469990 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.305567026 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.322097063 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.322252989 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.426047087 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.427340984 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.442267895 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.547501087 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.547579050 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.667397022 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.667500973 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.787321091 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.787421942 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:02.907377005 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:02.907569885 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.027410030 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.027496099 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.147403955 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.147615910 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.267406940 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.267520905 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.387227058 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.387295008 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.511384964 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.511518002 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.631385088 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.631537914 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.751355886 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.751684904 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:03.912981987 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:03.913357973 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:04.116848946 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:04.117013931 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:04.335038900 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:04.364969015 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:04.365127087 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:04.580920935 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:04.581098080 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:04.828850985 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:04.831335068 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.052829027 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.076920986 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:05.080938101 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.300846100 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:05.301063061 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.506385088 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.548877954 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:05.549000978 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.752942085 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:05.753158092 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:05.994276047 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:06.000922918 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:06.223797083 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:06.240837097 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:06.241064072 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:06.464564085 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:06.468852997 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:06.708931923 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:06.709167004 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:06.944468975 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:06.956998110 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:06.957170963 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.175777912 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.188875914 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:07.189053059 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.412250996 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.425288916 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:07.425921917 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.645875931 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.660875082 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:07.661200047 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:07.892930031 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:07.893491030 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:08.131428957 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:08.140896082 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:08.143589973 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:08.368324041 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:08.376914978 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:08.612843037 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:08.612914085 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:08.856928110 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:08.857197046 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:09.104907036 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:09.105051041 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:09.331105947 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:09.348942041 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:09.352313995 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:09.570818901 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:09.576936007 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:09.578417063 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:09.812872887 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:09.815783024 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:10.035861969 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:10.061048985 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:10.064382076 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:10.269443989 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:10.280881882 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:10.281260014 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:10.516948938 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:10.517134905 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:10.764964104 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:10.765196085 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.005557060 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.017687082 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:11.017887115 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.242723942 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.252904892 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:11.253037930 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.492927074 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:11.496398926 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.740627050 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.741003990 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:11.977576971 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:11.984880924 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:11.988382101 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.212563992 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.224922895 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:12.225191116 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.456983089 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:12.458983898 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.716236115 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.768316031 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.837923050 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:12.838089943 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:12.957911015 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:12.958260059 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:13.165921926 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:13.204967976 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:13.205135107 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:13.413059950 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:13.413343906 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:13.661025047 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:13.661199093 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:13.908993959 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:13.909323931 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:14.157083035 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:14.157285929 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:14.404886007 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:14.405023098 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:14.639071941 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:14.648936987 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:14.649058104 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:14.881855965 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:14.884892941 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:15.118804932 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:15.128948927 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:15.129249096 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:15.354295969 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:15.364942074 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:15.365073919 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:15.601088047 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:15.603723049 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:15.825711966 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:15.848915100 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:15.849172115 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:16.066376925 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:16.077080011 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:16.078368902 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:16.312987089 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:16.313111067 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:16.565118074 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:16.565778017 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:16.816958904 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:16.817415953 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:17.064980030 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:17.065078020 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:17.308969975 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:17.309104919 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:17.552978039 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:17.553189039 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:17.774054050 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:17.804927111 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:17.805051088 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.020945072 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:18.021107912 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.212385893 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.265013933 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:18.268352985 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.457087994 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:18.457273960 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.667912960 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.705116034 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:18.705924034 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:18.912914991 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:18.913315058 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:19.149447918 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:19.164959908 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:19.165050983 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:19.397043943 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:19.400352955 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:19.644951105 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:19.648396969 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:19.892884016 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:19.896676064 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:20.140955925 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:20.141180992 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:20.389100075 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:20.389173031 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:20.636977911 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:20.637077093 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:20.876302958 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:20.881027937 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:21.085624933 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:21.121200085 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:21.121371031 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:21.332611084 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:21.332880974 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:21.574222088 CET	49908	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:21.580934048 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:21.651042938 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:21.694046021 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:21.694227934 CET	35022	49908	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:23.661017895 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:23.780703068 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:23.784420013 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:23.787950039 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:23.907659054 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:23.907723904 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.027482033 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.028328896 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.148232937 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.151339054 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.271018982 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.271128893 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.390826941 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.391349077 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.511432886 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.511580944 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.631412983 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.631628990 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.751355886 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.751504898 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.871175051 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.871334076 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:24.991050005 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:24.991336107 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.111268997 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.111341953 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.431241989 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.502616882 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.502799988 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.551136017 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.551167965 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.551254034 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.622536898 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.671041965 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.671185970 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.791095972 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.791212082 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:25.911125898 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:25.911284924 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.031177998 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.031380892 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.151191950 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.151252031 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.271060944 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.271214962 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.391066074 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.391231060 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.511300087 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.511449099 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.631483078 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.631633043 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.751641989 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.751816034 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.871815920 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.871912003 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:26.991916895 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:26.992033958 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.112230062 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.112395048 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.232381105 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.232677937 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.352655888 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.352850914 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.473215103 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.473356962 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.593729973 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.593833923 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.757958889 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.758055925 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:27.961061001 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:27.961301088 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.179404974 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.209109068 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:28.209252119 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.425151110 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:28.425371885 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.647474051 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.673026085 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:28.673113108 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.866540909 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:28.893001080 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:28.893132925 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:29.112965107 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:29.113090992 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:29.325120926 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:29.361031055 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:29.361154079 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:29.569276094 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:29.569380999 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:29.821046114 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:29.821170092 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.069185019 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:30.069331884 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.284379959 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.317019939 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:30.318320990 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.529241085 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:30.529340029 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.760780096 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.777040005 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:30.778636932 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:30.992870092 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:31.005088091 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:31.005177975 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:31.236938000 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:31.237119913 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:31.481132984 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:31.481232882 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:31.728107929 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:31.729055882 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:31.973078012 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:31.973186016 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:32.210988998 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:32.217061996 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:32.419222116 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:32.457042933 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:32.457540989 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:32.665177107 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:32.666538000 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:32.864799976 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:32.913027048 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:32.914788008 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:33.109225988 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:33.109323978 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:33.348937035 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:33.357002020 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:33.357079983 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:33.593029976 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:33.593158007 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:33.837188005 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:33.837270021 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.044317961 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.089029074 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:34.089103937 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.289073944 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:34.290395975 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.531611919 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.537053108 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:34.540409088 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.750904083 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.777192116 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:34.778930902 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.995138884 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:34.997107983 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:34.997183084 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:35.218278885 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:35.229041100 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:35.229480982 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:35.440850973 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:35.441133976 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:35.665013075 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:35.665700912 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:35.872184038 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:35.913206100 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:35.913551092 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:36.101381063 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:36.117017984 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:36.117213011 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:36.331620932 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:36.349100113 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:36.349306107 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:36.581202984 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:36.581423044 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:36.829149008 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:36.829238892 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:37.095467091 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:37.095648050 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:37.360735893 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:37.364309072 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:37.609055042 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:37.610338926 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:37.861150026 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:37.862385988 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:38.109076977 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:38.109178066 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:38.357064009 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:38.360342979 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:38.553808928 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:38.609116077 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:38.610358953 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:38.801141024 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:38.801318884 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:39.027992964 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:39.049079895 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:39.050339937 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:39.274102926 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:39.275933027 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:39.521112919 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:39.524221897 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:39.769179106 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:39.769361019 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:40.017107010 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:40.017363071 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:40.265141964 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:40.265245914 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:40.509232044 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:40.509342909 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:40.757225990 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:40.757369041 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.009094954 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:41.009198904 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.229394913 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.257158995 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:41.257317066 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.454420090 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.477091074 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:41.478357077 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.672209024 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.705241919 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:41.705982924 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:41.921128988 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:41.922388077 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:42.127635956 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:42.169183969 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:42.171364069 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:42.373296022 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:42.373424053 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:42.591034889 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:42.621135950 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:42.621397018 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:42.837076902 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:42.837403059 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:43.085289955 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:43.085481882 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:43.333230972 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:43.333355904 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:43.582185030 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:43.582298994 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:43.800250053 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:43.833350897 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:43.836313009 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.045303106 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:44.046349049 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.255093098 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.293387890 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:44.293597937 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.501152992 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:44.501374960 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.736234903 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.749301910 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:44.750235081 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.942179918 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:44.981180906 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:44.981614113 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:45.189086914 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:45.189395905 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:45.437098980 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:45.437304974 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:45.684175014 CET	49969	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:45.685169935 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:45.691406965 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:45.804124117 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:45.804182053 CET	35022	49969	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:47.707941055 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:47.828134060 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:47.828239918 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:47.841943026 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:47.961872101 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:47.962179899 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.082084894 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.082194090 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.202194929 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.202404976 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.322479010 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.326469898 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.446408033 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.447068930 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.566858053 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.567831993 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.687736034 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.687971115 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.807946920 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:48.808345079 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:48.928250074 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.061028957 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.180933952 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.181052923 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.300921917 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.301239967 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.422370911 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.422446012 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.542263031 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.542350054 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.662169933 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.662271976 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.782874107 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.782996893 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:49.907506943 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:49.907602072 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.069209099 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.069447041 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.273315907 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.273436069 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.394411087 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.396373034 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.516479969 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.520394087 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.642349005 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.643594027 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.763896942 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.764496088 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:50.884566069 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:50.888360977 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.008336067 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.008852959 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.129086971 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.129189014 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.249284029 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.252336025 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.372329950 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.376359940 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.496232986 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.500385046 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.620417118 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.620522022 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.740544081 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.744405031 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.864547014 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.868371010 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:51.988220930 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:51.992358923 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:52.237170935 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:52.237447023 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:52.489350080 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:52.489445925 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:52.741198063 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:52.741298914 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:52.989201069 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:52.989468098 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.227637053 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.237202883 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:53.237322092 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.443264008 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.477200031 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:53.480334044 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.670634985 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.690622091 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:53.691195011 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:53.917421103 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:53.920447111 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:54.169073105 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:54.169218063 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:54.399806023 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:54.414446115 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:54.414524078 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:54.645234108 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:54.645344973 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:54.897396088 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:54.897500992 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:55.145782948 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:55.145843983 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:55.393663883 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:55.393804073 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:55.636034012 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:55.641180992 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:55.866645098 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:55.944417000 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:55.944509983 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:56.113311052 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:56.113471985 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:56.343431950 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:56.365190029 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:56.366719007 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:56.593143940 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:56.593235016 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:56.793885946 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:56.841177940 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:56.842907906 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:57.029639959 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:57.041167021 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:57.041383982 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:57.277389050 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:57.277509928 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:57.525331020 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:57.526325941 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:57.773222923 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:57.775064945 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.021210909 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:58.022592068 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.273313999 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:58.273432970 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.513479948 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.521270990 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:58.521354914 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.731327057 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.761281967 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:58.761570930 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:58.981328011 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:58.981614113 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.217070103 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.233263969 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:59.233381987 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.461349010 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:59.461837053 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.706690073 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.713219881 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:31:59.713324070 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.953105927 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:31:59.953295946 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:00.197279930 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:00.198532104 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:00.445161104 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:00.445410967 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:00.697246075 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:00.697506905 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:00.945158958 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:00.945223093 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:01.189132929 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:01.189193964 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:01.423872948 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:01.433231115 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:01.433316946 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:01.669207096 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:01.669372082 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:01.903707027 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:01.917237043 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:01.917392969 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:02.149409056 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:02.149516106 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:02.397406101 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:02.397567987 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:02.613327026 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:02.645289898 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:02.648374081 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:02.861278057 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:02.861438990 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:03.105873108 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:03.109483004 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:03.353241920 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:03.353421926 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:03.601358891 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:03.609592915 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:03.857332945 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:03.857397079 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:04.106731892 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:04.106823921 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:04.356038094 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:04.357294083 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:04.594583988 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:04.601300001 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:04.841384888 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:04.841501951 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.081217051 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.089224100 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:05.089325905 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.333221912 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:05.334790945 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.559201956 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.581367016 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:05.581485987 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.776504040 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:05.805282116 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:05.805516005 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:06.021475077 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:06.021651983 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:06.269347906 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:06.270797014 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:06.521370888 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:06.521547079 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:06.769671917 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:06.769737005 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.017333984 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:07.017400026 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.230863094 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.269254923 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:07.269387960 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.477202892 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:07.477366924 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.695964098 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.721407890 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:07.721570015 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.936507940 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:07.941205978 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:08.179058075 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:08.181237936 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:08.395797968 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:08.425328016 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:08.425417900 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:08.641927958 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:08.642034054 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:08.889338017 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:08.889502048 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:09.137339115 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:09.137458086 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:09.526151896 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:09.526420116 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:09.646197081 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:09.646397114 CET	49979	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:09.737931013 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:09.766138077 CET	35022	49979	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:11.763878107 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:11.883822918 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:11.883932114 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:11.887343884 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:12.007103920 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:12.007400036 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:12.127331018 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:12.127820969 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:12.247735977 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:12.250765085 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:12.370577097 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:12.944147110 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.064097881 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.064198971 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.184640884 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.184734106 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.304636955 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.304776907 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.424748898 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.424904108 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.544770956 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.544876099 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.664747953 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.664834023 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.784635067 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.784725904 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:13.904548883 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:13.904769897 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.024574041 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.024652958 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.144417048 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.144540071 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.264303923 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.264398098 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.384083033 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.384336948 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.504183054 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.506448984 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.626208067 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.626571894 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.746309042 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.747088909 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:14.866960049 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:14.867059946 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.029274940 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.029414892 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.149610996 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.152362108 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.353763103 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.353929996 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.474103928 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.474200964 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.594355106 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.594453096 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.714673042 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.714811087 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.835053921 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.835177898 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:15.956623077 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:15.956732988 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:16.076924086 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:16.077017069 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:16.197216988 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:16.197323084 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:16.437505960 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:16.437654018 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:16.682100058 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:16.684351921 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:16.925323963 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:16.925539017 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:17.169277906 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:17.170403004 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:17.413408995 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:17.413592100 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:17.657326937 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:17.657490015 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:17.901360989 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:17.901529074 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:18.145365953 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:18.145487070 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:18.389374971 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:18.389533997 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:18.637281895 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:18.637356997 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:18.881402969 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:18.881506920 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:19.125257015 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:19.125364065 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:19.365278006 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:19.366663933 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:19.609270096 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:19.609373093 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:19.853426933 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:19.856386900 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:20.097315073 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:20.098423004 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:20.341360092 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:20.344525099 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:20.585293055 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:20.585392952 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:20.829313993 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:20.829538107 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:21.063657999 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:21.073837996 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:21.305315018 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:21.305433035 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:21.545420885 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:21.545537949 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:21.789483070 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:21.789668083 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:22.033302069 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:22.033479929 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:22.277451992 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:22.277615070 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:22.521521091 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:22.521630049 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:22.751766920 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:22.765319109 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:22.765470028 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:22.993240118 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:22.993403912 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:23.233457088 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:23.233624935 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:23.477324009 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:23.477407932 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:23.717514038 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:23.717597008 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:23.961360931 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:23.961483955 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:24.201376915 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:24.201570988 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:24.445420980 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:24.445532084 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:24.689295053 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:24.689445972 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:24.929347038 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:24.929450035 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:25.173377991 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:25.173621893 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:25.413274050 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:25.417339087 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:25.653356075 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:25.653501987 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:25.897420883 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:25.897588015 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:26.141508102 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:26.141627073 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:26.385322094 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:26.385494947 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:26.625472069 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:26.625647068 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:26.869415045 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:26.869543076 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:27.113667011 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:27.113806963 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:27.357387066 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:27.357465982 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:27.597491980 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:27.597740889 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:27.845381021 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:27.845546961 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.060636044 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.089354038 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:28.089545965 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.301335096 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:28.301523924 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.531737089 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.545291901 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:28.548348904 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.749228954 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.777396917 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:28.780422926 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:28.989443064 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:28.991640091 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:29.195149899 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:29.235965014 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:29.236402988 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:29.437407017 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:29.437510014 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:29.677341938 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:29.677633047 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:29.898447037 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:29.925479889 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:29.925719023 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:30.118153095 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:30.141443968 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:30.141603947 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:30.358588934 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:30.361385107 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:30.562864065 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:30.601435900 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:30.604370117 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:30.805341005 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:30.808370113 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.028556108 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.053360939 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:31.056370974 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.269421101 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:31.269539118 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.492639065 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.517339945 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:31.517482996 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.737456083 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:31.737612009 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.953274965 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:31.981368065 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:31.981518030 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:32.185832977 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:32.193370104 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:32.405673981 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:32.429600000 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:32.429773092 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:32.642678022 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:32.649468899 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:32.860053062 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:32.886003971 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:32.886099100 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:33.101360083 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:33.101438999 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:33.343422890 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:33.343615055 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:33.585370064 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:33.586534977 CET	49980	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:33.801570892 CET	35022	49980	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:35.818965912 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:35.938707113 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:35.944489002 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:35.947756052 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.067513943 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.067630053 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.187417030 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.190550089 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.310439110 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.314826965 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.434762955 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.436438084 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.556385040 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.558492899 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.678406000 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.678508997 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.798362017 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.799333096 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:36.919246912 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:36.924371958 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.044200897 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.044939995 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.164781094 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.167541027 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.287291050 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.288407087 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.408206940 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.408288956 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.528121948 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.528204918 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.648045063 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.648219109 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.768049002 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.768205881 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:37.888045073 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:37.888192892 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.008635044 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.008727074 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.128540993 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.128711939 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.293452978 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.293670893 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.497467041 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.497584105 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.740386963 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.749464035 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.749598026 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.864424944 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.864578009 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.870431900 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.870517969 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.985295057 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.985457897 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:38.991384029 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:38.991467953 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.107300997 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.107570887 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.113147974 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.113248110 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.227366924 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.227462053 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.233026028 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.233088017 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.347712040 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.347901106 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.401431084 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.401494026 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.565453053 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.565531015 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.805404902 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:39.821701050 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:39.821774006 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:40.048760891 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:40.066879988 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:40.067066908 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:40.297488928 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:40.297703028 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:40.549478054 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:40.549668074 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:40.766843081 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:40.801486969 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:40.801655054 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:41.017436028 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:41.017455101 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:41.265480042 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:41.265677929 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:41.517591000 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:41.517678976 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:41.769407988 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:41.769642115 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:41.997107983 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.025513887 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:42.025710106 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.245460987 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:42.245563984 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.474076033 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.493622065 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:42.496392012 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.722954035 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.725456953 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:42.957230091 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:42.973504066 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:42.975430012 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:43.205495119 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:43.208400965 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:43.458985090 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:43.459089041 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:43.713591099 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:43.713694096 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:43.969831944 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:43.969997883 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.181494951 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.221539974 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:44.221663952 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.433835983 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:44.436395884 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.657830954 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.685566902 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:44.688592911 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.906692982 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:44.909533024 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:45.135668039 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:45.157401085 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:45.159112930 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:45.380331039 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:45.385473967 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:45.629570961 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:45.629703999 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:45.881520033 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:45.881650925 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:46.098901987 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:46.137451887 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:46.137584925 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:46.349415064 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:46.349515915 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:46.559881926 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:46.597503901 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:46.600385904 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:46.809453011 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:46.811134100 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:47.045573950 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:47.061486006 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:47.063208103 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:47.293910980 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:47.294107914 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:47.545407057 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:47.545496941 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:47.793621063 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:47.793802023 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.018852949 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.045553923 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:48.045686960 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.255614042 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.269510031 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:48.269593000 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.486778021 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.505527020 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:48.505656958 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.741329908 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.741492033 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:48.965847969 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:48.989510059 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:48.989674091 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:49.203685999 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:49.221451998 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:49.221528053 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:49.453448057 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:49.453538895 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:49.677232981 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:49.701417923 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:49.701551914 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:49.929434061 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:49.929599047 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:50.151895046 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:50.177500963 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:50.177647114 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:50.401443958 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:50.401546955 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:50.616664886 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:50.649406910 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:50.649518967 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:50.865436077 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:50.865562916 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:51.075896025 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:51.117801905 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:51.117877007 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:51.325493097 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:51.325609922 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:51.553566933 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:51.573493958 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:51.576391935 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:51.805491924 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:51.808412075 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.041910887 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.057522058 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:52.060374022 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.276772976 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.297466040 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:52.300363064 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.525516987 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:52.525600910 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.773590088 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:52.773710966 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:52.987673998 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.025408030 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:53.025491953 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.241476059 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:53.241592884 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.466702938 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.493391037 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:53.496367931 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.714426994 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.717505932 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:53.720324039 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.955619097 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:53.957565069 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:54.168541908 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:54.205478907 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:54.206087112 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:54.417566061 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:54.417934895 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:54.651364088 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:54.673773050 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:54.676476955 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:54.901519060 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:54.902920008 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.137732983 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.153546095 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:55.153708935 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.367197037 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.389741898 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:55.390707970 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.619379044 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:55.619565964 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.854315042 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:55.871109009 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:55.871259928 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:56.104933977 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:56.107095003 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:56.409020901 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:56.600858927 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:56.600961924 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:56.693559885 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:56.693641901 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:56.849509954 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:56.849575996 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.097009897 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.101509094 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:57.337328911 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.349569082 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:57.349759102 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.564029932 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.589493990 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:57.589802980 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.813518047 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:57.813703060 CET	49981	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:32:57.880584955 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:57.933695078 CET	35022	49981	147.185.221.229	192.168.2.10
Dec 16, 2024 07:32:59.895169020 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.015012980 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.015089035 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.046436071 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.166857958 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.166918039 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.286683083 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.286766052 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.406609058 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.406711102 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.526565075 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.526827097 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.646775007 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.646924973 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.766814947 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.768323898 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:00.888292074 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:00.890400887 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.010370016 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.015372038 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.135229111 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.138602018 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.258567095 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.260356903 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.380378008 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.380522966 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.500504971 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.500669003 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.620596886 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.620749950 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.740647078 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.740775108 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.860641956 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.860734940 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:01.980796099 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:01.980874062 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.100797892 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.100898027 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.220841885 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.220963955 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.340840101 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.340924978 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.460922003 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.461056948 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.581062078 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.581140041 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.701091051 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.701172113 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.821150064 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.821218967 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:02.941128969 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:02.941456079 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.061491966 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.061642885 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.277626991 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.362198114 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.380796909 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.380909920 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.397629976 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.397727013 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.500977039 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.501151085 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.517585039 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.517647028 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.620894909 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.623632908 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.637579918 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.639353037 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.743383884 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.746495962 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.759207964 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.762456894 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.866333961 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.871128082 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.882536888 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.882616997 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:03.990986109 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:03.994837046 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:04.002568007 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:04.006499052 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:04.114950895 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:04.115042925 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:04.173804045 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:04.174782991 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:04.294712067 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:04.294979095 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:04.521661043 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:04.521882057 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:04.769609928 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:04.769722939 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:05.021670103 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:05.021765947 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:05.269593954 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:05.405116081 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:05.525244951 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:05.525918007 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:05.645921946 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:05.646558046 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:05.766623974 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:05.766817093 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:05.886626005 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:05.888394117 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.008361101 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.012370110 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.132224083 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.132316113 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.252374887 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.252456903 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.372489929 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.376372099 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.496400118 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.500480890 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.620270014 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.624365091 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.744457006 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.748380899 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.868251085 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.872118950 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:06.992079020 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:06.992878914 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:07.112947941 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:07.116389036 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:07.236330986 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:07.238909006 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:07.358920097 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:07.364480019 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:07.525857925 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:07.526029110 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:07.733689070 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:07.734059095 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:07.981650114 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:07.981827974 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:08.229860067 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:08.230072021 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:08.477643967 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:08.477770090 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:08.729538918 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:08.730686903 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:08.977579117 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:08.978955984 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:09.225677967 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:09.225780964 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:09.469687939 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:09.473567009 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:09.717559099 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:09.717694044 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:09.966021061 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:09.966176033 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:10.228971004 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:10.302522898 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:10.302788019 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:10.477583885 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:10.477709055 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:10.721545935 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:10.721652031 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:10.963466883 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:10.965570927 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:10.965676069 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:11.205637932 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:11.205791950 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:11.453521967 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:11.453640938 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:11.680521011 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:11.697542906 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:11.700382948 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:11.925647974 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:11.928389072 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.177609921 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:12.180397987 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.401134968 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.425503969 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:12.428342104 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.673029900 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.815450907 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.952483892 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:12.952686071 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:12.993621111 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:12.993783951 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:13.072424889 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:13.113768101 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:13.113972902 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:13.277596951 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:13.277769089 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:13.481648922 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:13.481895924 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:13.703821898 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:13.733797073 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:13.734512091 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:13.949652910 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:13.950980902 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.182442904 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.197664022 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:14.200577021 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.410376072 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.433677912 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:14.436486006 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.657619953 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:14.657789946 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.905023098 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:14.905904055 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:15.105000019 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:15.149641037 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:15.149811983 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:15.353530884 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:15.353625059 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:15.581202030 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:15.601629972 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:15.601747990 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:15.825592041 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:15.826416016 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:16.055305004 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:16.073643923 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:16.073733091 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:16.301671028 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:16.302448034 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:16.542052984 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:16.553626060 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:16.783555031 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:16.789638996 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:16.998303890 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.033550024 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:17.033826113 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.246172905 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:17.246270895 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.468703032 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.497664928 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:17.497796059 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.694091082 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.713711023 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:17.713861942 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.939805984 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:17.941659927 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:18.156091928 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:18.185621023 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:18.185710907 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:18.405703068 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:18.405853033 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:18.619363070 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:18.653645039 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:18.654361010 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:18.865721941 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:18.868400097 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:19.110902071 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:19.113782883 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:19.356762886 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:19.361641884 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:19.364434958 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:19.601677895 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:19.601682901 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:19.845700979 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:19.845907927 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.053550959 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.093585014 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:20.093760967 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.297748089 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:20.297837019 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.545766115 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.549674034 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:20.747253895 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.793699026 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:20.796489954 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:20.993762016 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:20.993972063 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.202789068 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.241703987 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:21.244379997 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.453684092 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:21.456490040 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.680119038 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.701666117 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:21.701877117 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.925581932 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:21.925734997 CET	49982	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:21.927571058 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:22.045598984 CET	35022	49982	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:23.942358017 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.062268972 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.062347889 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.065571070 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.185357094 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.185425997 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.305190086 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.305293083 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.424998045 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.425151110 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.544900894 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.545003891 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.664860010 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.664973021 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.785397053 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.785528898 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:24.905507088 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:24.905651093 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.025882006 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.026024103 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.146348953 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.146492004 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.266503096 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.266611099 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.386754036 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.386873007 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.506891012 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.506989002 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.626784086 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.626935959 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.746869087 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.747015953 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.867607117 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.867691040 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:25.987528086 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:25.987601042 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.107677937 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.107759953 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.227857113 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.228046894 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.348663092 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.348900080 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.469120026 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.469283104 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.589104891 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.589200974 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.708978891 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.709150076 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.829981089 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.830152035 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:26.950627089 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:26.950793028 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:27.070693970 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:27.070822001 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:27.191104889 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:27.191206932 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:27.311965942 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:27.312135935 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:27.473668098 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:27.473799944 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:27.673652887 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:27.673773050 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:27.913821936 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:27.913921118 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:28.136795044 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:28.157776117 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:28.157929897 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:28.377871037 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:28.377966881 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:28.599086046 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:28.621690989 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:28.624404907 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:28.841728926 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:28.844403982 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.074764967 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.085781097 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:29.088361979 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.294172049 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.317678928 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:29.320380926 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.507366896 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.537632942 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:29.537792921 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.749768972 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:29.749866009 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.970957994 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:29.993727922 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:29.993918896 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.200361013 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.217704058 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:30.217775106 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.419322968 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.441692114 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:30.441890955 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.661672115 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:30.664414883 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.867371082 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:30.909603119 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:30.912002087 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:31.109970093 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:31.112449884 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:31.322804928 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:31.353703976 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:31.356420040 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:31.565735102 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:31.565834045 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:31.809756994 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:31.809989929 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.029470921 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.053694963 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:32.053905010 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.269745111 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:32.269963980 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.489834070 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.513648033 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:32.513756037 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.733789921 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:32.733911991 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.936454058 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:32.977766037 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:32.977921009 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:33.177746058 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:33.177947044 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:33.389182091 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:33.421750069 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:33.421819925 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:33.629800081 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:33.629934072 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:33.848797083 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:33.873811960 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:33.873893976 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.089786053 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:34.089979887 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.283037901 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.333781958 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:34.333998919 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.526032925 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:34.526137114 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.750107050 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.780966043 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:34.781110048 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.986567020 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:34.993731976 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:34.993855000 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:35.229738951 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:35.229832888 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:35.455250978 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:35.473764896 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:35.473855972 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:35.684735060 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:35.697737932 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:35.697870016 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:35.925774097 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:35.925868988 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:36.165854931 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:36.166007996 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:36.413734913 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:36.413852930 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:36.657747030 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:36.657957077 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:36.901634932 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:36.904412031 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:37.145674944 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:37.145797014 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:37.385648012 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:37.385727882 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:37.625622988 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:37.625700951 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:37.869699955 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:37.869784117 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.109925985 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:38.110006094 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.327769041 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.353673935 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:38.353790045 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.549189091 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.569760084 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:38.572396994 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.789776087 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:38.792396069 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:38.987284899 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:39.033730030 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:39.036358118 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:39.223356962 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:39.229733944 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:39.469779968 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:39.469882965 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:39.695385933 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:39.713942051 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:39.716459990 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:39.937797070 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:39.940376043 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:40.135483027 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:40.181747913 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:40.184400082 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:40.377808094 CET	35022	49983	147.185.221.229	192.168.2.10
Dec 16, 2024 07:33:40.377918959 CET	49983	35022	192.168.2.10	147.185.221.229
Dec 16, 2024 07:33:40.621741056 CET	35022	49983	147.185.221.229	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 07:29:47.262314081 CET	53501	53	192.168.2.10	1.1.1.1
Dec 16, 2024 07:29:47.529774904 CET	53	53501	1.1.1.1	192.168.2.10

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 16, 2024 07:29:47.262314081 CET	192.168.2.10	1.1.1.1	0x7980	Standard query (0)	late-lil.at.ply.gg	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 16, 2024 07:29:31.576926947 CET	1.1.1.1	192.168.2.10	0xd8a0	No error (0)	shed.dual-low.s-part-0035.t-0009.t-msedge.net	s-part-0035.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 16, 2024 07:29:31.576926947 CET	1.1.1.1	192.168.2.10	0xd8a0	No error (0)	s-part-0035.t-0009.t-msedge.net		13.107.246.63	A (IP address)	IN (0x0001)	false
Dec 16, 2024 07:29:47.529774904 CET	1.1.1.1	192.168.2.10	0x7980	No error (0)	late-lil.at.ply.gg		147.185.221.229	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	01:29:34
Start date:	16/12/2024
Path:	C:\Users\user\Desktop\Fast Download.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Fast Download.exe"
Imagebase:	0x5a0000
File size:	27'648 bytes
MD5 hash:	97D80681DAEF809909AC1B1E3B9898BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000000.1300697966.00000000005A2000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen Rule: INDICATOR_SUSPICIOUS_EXE_ASEP_REG_Reverse, Description: Detects file containing reversed ASEP Autorun registry keys, Source: 00000000.00000002.3756289646.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	01:29:44
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\attrib.exe
Wow64 process (32bit):	true
Commandline:	attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
Imagebase:	0x170000
File size:	19'456 bytes
MD5 hash:	0E938DD280E83B1596EC6AA48729C2B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	01:29:44
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\attrib.exe
Wow64 process (32bit):	true
Commandline:	attrib +h +r +s "C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
Imagebase:	0x170000
File size:	19'456 bytes
MD5 hash:	0E938DD280E83B1596EC6AA48729C2B0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	01:29:44
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:29:44
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	18.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	3.5%
Total number of Nodes:	173
Total number of Limit Nodes:	6

Executed Functions

Function 056627D7 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05662857

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 00c7ecb4868255fd73b08973b44973fd852914798555c6bf2089fc5740f655b8
Instruction ID: 3eeedca76e5dc6a4e045e974ddb2416fb0a609894fa4661b8240af9fde9c6c6d
Opcode Fuzzy Hash: 00c7ecb4868255fd73b08973b44973fd852914798555c6bf2089fc5740f655b8
Instruction Fuzzy Hash: 1121D1755097809FDB128F25DC50B52BFF8EF06310F0884DAE9858F663D235D818DB62

Function 0566280E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05662857

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 247dfec67595160ee11e941c4816d606beacb5eb1f1d478812a3c66157ef6865
Instruction ID: 0eb0b307e012188b011dbd4f6cc7661964e0ff0dad2b981c48fb0598a0170fa7
Opcode Fuzzy Hash: 247dfec67595160ee11e941c4816d606beacb5eb1f1d478812a3c66157ef6865
Instruction Fuzzy Hash: 8A111C755006449FDB60CF55D844B66BBE4EF04220F08C4AEDD468BA52D375E818DF61

Function 01160360 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756097641.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1160000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb15f49faf2048fe2147bf05227e6d7b4dc70c6b2c456486725a83825efce8f6
Instruction ID: 27d1c936c9d7513f242af7ad28cb93c06f54dc9369fef89b9bb359617f659e8d
Opcode Fuzzy Hash: bb15f49faf2048fe2147bf05227e6d7b4dc70c6b2c456486725a83825efce8f6
Instruction Fuzzy Hash: C651C230B00200ABDF48FBB59C11BAE76E7ABC9314F144538A505DF7E9DE369D058B90

Function 01160370 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756097641.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1160000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564c85ed03d4f5204fd361e01c448edb9ec24684e56a1a36c30467d87bdbc921
Instruction ID: 179470d0e90e05a16222292f8601fa7ae5cbd8d19af2482f3c5ff9ad472278bc
Opcode Fuzzy Hash: 564c85ed03d4f5204fd361e01c448edb9ec24684e56a1a36c30467d87bdbc921
Instruction Fuzzy Hash: C151C230B00200ABDF48F7B59C11BAE76EB9BC9304F144538A506DF7E9DE369D058B90

Function 01161CD8 Relevance: 1.9, APIs: 1, Instructions: 394
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 01161D12

Memory Dump Source

Source File: 00000000.00000002.3756097641.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1160000_Fast Download.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 8168ebe01a63d4d835ceb6507500648c6c069395345eb2f4a6e6d5657cf4bcc5
Instruction ID: 2694e9feccb58f97e2f08d68f9a76f1edfb6cf2bb2c37b8ade06e374e8a683e6
Opcode Fuzzy Hash: 8168ebe01a63d4d835ceb6507500648c6c069395345eb2f4a6e6d5657cf4bcc5
Instruction Fuzzy Hash: 29F13934B04214CFCB1AFF74D850B5D77B6AF88319B158929D906DB3A8EB369C52CB90

Function 01161CC8 Relevance: 1.8, APIs: 1, Instructions: 330
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 01161D12

Memory Dump Source

Source File: 00000000.00000002.3756097641.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1160000_Fast Download.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 4af2233da7973d3109b63001de571b434cca41ec475196467924c7a94233e47a
Instruction ID: f829182a93ea879f9a56a21c6e79c6c09a0580fd3414fa4644684fb818f79573
Opcode Fuzzy Hash: 4af2233da7973d3109b63001de571b434cca41ec475196467924c7a94233e47a
Instruction Fuzzy Hash: 9CD13834B04204DFCB19FF74D950B5D77B6AF88315B248929D906DB3A9EB329C92CB90

Function 0566131A Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 056613FE

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: cfff762aca2f8065f7687a0b708a7123fb6c71121510be88ec76ce305ef71783
Instruction ID: 6376a8dab4f1ef0e09374d87747530a0769310bfa769e5306d589f000f70e96b
Opcode Fuzzy Hash: cfff762aca2f8065f7687a0b708a7123fb6c71121510be88ec76ce305ef71783
Instruction Fuzzy Hash: A6415D6140E3C16FD7038B358C61AA2BFB4AF47210F0E45CBD8C4CF5A3D6256959D7A2

Function 00B9AF30 Relevance: 1.6, APIs: 1, Instructions: 101
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 00B9AFED

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: f119ca6ca7af2536f8577b4bd0a02f0ca1831d8938ce10378cd5e0e5f7abd02d
Instruction ID: 4770f3eff2d842f28ee89d804d394b328717ebcaa1675eaddae243335b13a7dd
Opcode Fuzzy Hash: f119ca6ca7af2536f8577b4bd0a02f0ca1831d8938ce10378cd5e0e5f7abd02d
Instruction Fuzzy Hash: EF31C4B24043446FEB228B11DC45FA7BFBCEF05324F0885AAE9848B553D325E909CB71

Function 056622E2 Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNEL32(?,00000E24), ref: 056623A9

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 57c67ed0cc4c10f9d3beae92f43db062eaa7931e8a148f0bb4f51da158a258fb
Instruction ID: 8b3ca5c98ea2a1cba0e6ae79fd0232ddf48b6ca83092e36caa811efd11de2c1b
Opcode Fuzzy Hash: 57c67ed0cc4c10f9d3beae92f43db062eaa7931e8a148f0bb4f51da158a258fb
Instruction Fuzzy Hash: 70318172504744AFEB218B51CC44FA7BBFCEF09210F08459AE9859B652D324E908CB61

Function 00B9BCC7 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00B9BD7D

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ddee3bb1a955e42b67d721e21cb2590b19b91268736f51a9e8117f3551b9cbb3
Instruction ID: 1e257ac8adeac41146e160fa4be4f7c776d4de70195d12b2dc1b0036c2dfb298
Opcode Fuzzy Hash: ddee3bb1a955e42b67d721e21cb2590b19b91268736f51a9e8117f3551b9cbb3
Instruction Fuzzy Hash: A33194B1505340AFEB22CF65DD44F62BFF8EF05314F08449AE9858B652D365E909CB71

Function 05660257 Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 0566031E

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 97c7191c9552078e3a3e90f0a886e038519ea2ea3c8f1cc3c687be593d2174b1
Instruction ID: 32a35ec9a5e0bf61a929ab0032161161d7201dd86ac2837675c35e178a4a200a
Opcode Fuzzy Hash: 97c7191c9552078e3a3e90f0a886e038519ea2ea3c8f1cc3c687be593d2174b1
Instruction Fuzzy Hash: 5E317C7510E3C06FD3138B258C65A61BFB4EF47610B0E45CBE8C48F6A3D629A919D7B2

Function 0566108C Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05661153

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 41b26d7b5fc5b0bf3f658e0d3aa1703bbc1f74ab2583169d11103b3fd2d06e5b
Instruction ID: ec0a3266bbff95a25feafa48668c8ad41c130862d9680d1ad46d3161133b93b5
Opcode Fuzzy Hash: 41b26d7b5fc5b0bf3f658e0d3aa1703bbc1f74ab2583169d11103b3fd2d06e5b
Instruction Fuzzy Hash: C83191B2505344BFFB21CB51DC84FA6FBACEF05314F04489AFA489B192D775A908CB61

Function 00B9AE32 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNEL32(?,?), ref: 00B9AED9

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: d331263d6be373b497a808dac11d4399d79b8e742a0798c8abc093838b674788
Instruction ID: 0bd5c0e136c992280b05e6135357e14537a3a580b728b7416215e8353110f476
Opcode Fuzzy Hash: d331263d6be373b497a808dac11d4399d79b8e742a0798c8abc093838b674788
Instruction Fuzzy Hash: B031A4B15097806FEB11CB25DC44B96BFF8EF06310F08849AE944CB292D325E808CB62

Function 05660F84 Relevance: 1.6, APIs: 1, Instructions: 89
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05661021

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: f16178d11434415144a8deedfeb06d60a1cd765d326894e46c1dd6168612314a
Instruction ID: 1b54513e24c398914b1d05cf2662224ab9ed82671dd8f886733d56385b475e15
Opcode Fuzzy Hash: f16178d11434415144a8deedfeb06d60a1cd765d326894e46c1dd6168612314a
Instruction Fuzzy Hash: 8131C5724057806FEB12CF61DC45FA6BFB8EF06314F08849AE9858B553D2259909CBB1

Function 05660880 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05660917

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 31103737f464a094f7abfcdee5cec5d6ed2b6a7d2b5d6a18afe1f7f09aa47009
Instruction ID: 7dce28a9ff59cdc06306fbad8de3afbfdc698b3991636c5ccaa337fdb61abd1a
Opcode Fuzzy Hash: 31103737f464a094f7abfcdee5cec5d6ed2b6a7d2b5d6a18afe1f7f09aa47009
Instruction Fuzzy Hash: F5317372508344AFEB21CB65DC45FA7BFF8EF05224F0885AAE945DB652D364E808CB61

Function 00B9A51A Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9A5B8

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: b134266616b9347715436b4728ff135908fd2106244e587d3475cd4a0729fc3d
Instruction ID: 465df5d6a6ad385463c0038f8d1bd9836d0209b22fc91df3231cbb9c49900389
Opcode Fuzzy Hash: b134266616b9347715436b4728ff135908fd2106244e587d3475cd4a0729fc3d
Instruction Fuzzy Hash: F23195724093806FEB228B61DC54F96BFB8EF06214F0885DBE985CB553D225A908C7B2

Function 00B9B035 Relevance: 1.6, APIs: 1, Instructions: 86windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 00B9B0F1

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: a61ad3940c0f228b02a48d5023018686f82948c74afdb305598cf6ea4b096db8
Instruction ID: 9681315fdaf8ac634a1358e0a66a03af1fad04adc242fac25c76ee5f1eeab71b
Opcode Fuzzy Hash: a61ad3940c0f228b02a48d5023018686f82948c74afdb305598cf6ea4b096db8
Instruction Fuzzy Hash: 3931D472005380AFEB228F60DC45FA2FFB8EF46324F08849EE9854B553D375A808CB65

Function 0566230E Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.KERNEL32(?,00000E24), ref: 056623A9

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f341767dd003b4d944072057ff148328b0d3c9d90cee629230ecebbfe612ca8b
Instruction ID: 3de0d9b113954c50883fbd6c66a6863167d858515aa95608c17046329a083f11
Opcode Fuzzy Hash: f341767dd003b4d944072057ff148328b0d3c9d90cee629230ecebbfe612ca8b
Instruction Fuzzy Hash: 7421BF76500604AFEB21DE15CC80FABBBECEF08214F08855AFA45DBA52D320E808CF61

Function 00B9AB81 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9AC2C

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a53767aaf362663625af66079d155a92b4732ff0863e7dd5ff55086051eaf578
Instruction ID: 853b6793d67ffce50df12662d92eef1995caebbfd72768bdf07f2ad51aca2cfb
Opcode Fuzzy Hash: a53767aaf362663625af66079d155a92b4732ff0863e7dd5ff55086051eaf578
Instruction Fuzzy Hash: B9318075505740AFEB22CB11CC44F92BFF8EF06710F0885DAE9458B652D324E908CBA1

Function 056610AE Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 05661153

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 705def70233a6a99ffd2d1dc8491f86e3e85a2972a02221d4e51a936bb87c97e
Instruction ID: e31cdfce6902b5179235e9bcdc93a08d0ba07b779568f8033bdcf67b9d1b0f53
Opcode Fuzzy Hash: 705def70233a6a99ffd2d1dc8491f86e3e85a2972a02221d4e51a936bb87c97e
Instruction Fuzzy Hash: 9121BF71500204AEFB21DB51DC84FAAFBACEF04714F04885AEA489B681D7B5A909CBB1

Function 00B9BDD4 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9BE69

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: a81b4142dc5eccc68eb4beca596ed61a3d64d3ce5a3f2149b5df93cbf1042e03
Instruction ID: 540cef09bac08ff9669f8ff2ba60f53adb00a7a44315f42b7475414c72baa518
Opcode Fuzzy Hash: a81b4142dc5eccc68eb4beca596ed61a3d64d3ce5a3f2149b5df93cbf1042e03
Instruction Fuzzy Hash: E721FBB54097806FE7128B21DC41BA2BFBCDF06724F0985D6E9848B253D264990DC771

Function 05662581 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05662610

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 1bf6fe6a335e05ad4b792d2af6598ec2b064d0259278cd6179afd6f476fb3a0f
Instruction ID: d53b004e725b0f6f7c6d32caaea4e976e7770f423e736d568bf2ebec25ff9959
Opcode Fuzzy Hash: 1bf6fe6a335e05ad4b792d2af6598ec2b064d0259278cd6179afd6f476fb3a0f
Instruction Fuzzy Hash: 4F216B755093809FDB22CF25DC54BA2BFF8EF06214F0884DAE984CB663D265E849DB61

Function 05662959 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 056629E0

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 009f022c2217101065bbee5d9c75f994ff0afbf3994792ee560a84f770ee7a72
Instruction ID: 73f2e6b5476e65578c84208c130f0e2a740102277d1629d0aed2f202dcbbe89f
Opcode Fuzzy Hash: 009f022c2217101065bbee5d9c75f994ff0afbf3994792ee560a84f770ee7a72
Instruction Fuzzy Hash: 3F21A4B55093806FEB12CB15DC45FA6BFB8EF42214F0884DBE944CF693D264A908C7A1

Function 00B9AC82 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9AD18

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: f3ae86193ce46d721320a72327bfdad3a76635e15b553c07e4b268e3ec09cd2d
Instruction ID: e731d9a9b029bf92e3f45ecd806c575d5ccb351351872eb19663a13b0ba5772f
Opcode Fuzzy Hash: f3ae86193ce46d721320a72327bfdad3a76635e15b553c07e4b268e3ec09cd2d
Instruction Fuzzy Hash: 5021A4B25053806FDB228B11DC44F97BFFCEF45314F08859AE9859B652D264E848CBB1

Function 0566034A Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 056603D6

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 8694a25d76a4bd617eccdc54882ddf6528bd4e39d664477a21c3920e50a27ece
Instruction ID: 47aea5d11b340dbee7ade5fe65a5b30f33d5e18ff4bdaf8bc678709dbcd37337
Opcode Fuzzy Hash: 8694a25d76a4bd617eccdc54882ddf6528bd4e39d664477a21c3920e50a27ece
Instruction Fuzzy Hash: A0219171405380AFEB22CF51DC45FA6FFF8EF05224F08899EE9858B652D375A408CB61

Function 05660A36 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05660ACA

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: d328f7eba262a1097a86648fc2693ebba0738a6fd79b166877add47bf5e3c0a2
Instruction ID: 82553c04fa0e6dee6a37616d5f9232c206186f5a8333225d995aba5a1816d8c2
Opcode Fuzzy Hash: d328f7eba262a1097a86648fc2693ebba0738a6fd79b166877add47bf5e3c0a2
Instruction Fuzzy Hash: 8B21D371409340AFE722CF55DC44F96FFF8EF09224F08859EE9858B652D365E508CBA1

Function 00B9BCFE Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 00B9BD7D

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 8c3ea0fb82203ffc55d95f068c46d27c34b4628bfbcd32a8ad15167886940f9c
Instruction ID: fa4ec6f0048b82e0b251bc7262d61467d39d26e24604fd3c6a080c33b1e23f37
Opcode Fuzzy Hash: 8c3ea0fb82203ffc55d95f068c46d27c34b4628bfbcd32a8ad15167886940f9c
Instruction Fuzzy Hash: 58219271501200AFEB21CF65DD85FA6FBE8EF04314F0889ADE9458B652D775E808CB61

Function 056608A6 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05660917

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: d7f5741f2c314a77431bc061c98d7381844ed7a6163ac11e42dd8954a5549b27
Instruction ID: 69e0d05f82e263809a8ea65e4606d960284da3a63ce1f67813538d0936509437
Opcode Fuzzy Hash: d7f5741f2c314a77431bc061c98d7381844ed7a6163ac11e42dd8954a5549b27
Instruction Fuzzy Hash: 1421CF72504204AFFB20DF25DC44FAABBACEF04224F08856AE945DB642D374E808CAA1

Function 0566079A Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 0566082C

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 11ac7f8be759dd970503c9ffaa5d6834164c8d0b06787be3e200cf2b6aa06b47
Instruction ID: 296089a4d1f092fc59782d56c987ba604d7a0450df7cd6cb545074b205043e9c
Opcode Fuzzy Hash: 11ac7f8be759dd970503c9ffaa5d6834164c8d0b06787be3e200cf2b6aa06b47
Instruction Fuzzy Hash: EF219072505740AFEB22CB11DC44FA6BFF8EF05220F08859AE9468B652D364E908CBA1

Function 00B9AF6E Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32(?,00000E24), ref: 00B9AFED

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: cfae6854cc4ded4783f825e5abd90f474c222fcfd8ca74db8f2012622a3d90d5
Instruction ID: b578322679e003c532dfcb2e46d2125dd623382097fd83d4bb79b207b1d4a0ac
Opcode Fuzzy Hash: cfae6854cc4ded4783f825e5abd90f474c222fcfd8ca74db8f2012622a3d90d5
Instruction Fuzzy Hash: A221C6B2500204AEFB219F51DC44FABFBECEF08314F04855AEA45CB652D775E908CAB1

Function 05662A43 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05662ABF

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 572c7d94f7817486d7327e7c5a5cac925210e43d78c6f291f263e4b30b6ffb5b
Instruction ID: 2425d9aa06ea882ce3bf2fa56ea94ab46f70039072d548f028d962ae5625acc9
Opcode Fuzzy Hash: 572c7d94f7817486d7327e7c5a5cac925210e43d78c6f291f263e4b30b6ffb5b
Instruction Fuzzy Hash: 8721A4B55093806FEB22CF51DC44FA6BFB8EF45214F08849BE945CB652D364A908CBA5

Function 05662B27 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05662BA3

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 572c7d94f7817486d7327e7c5a5cac925210e43d78c6f291f263e4b30b6ffb5b
Instruction ID: 9d7c947fc8908b526e651776302b33ae225e9517632f8e78d90546f01e20a4ee
Opcode Fuzzy Hash: 572c7d94f7817486d7327e7c5a5cac925210e43d78c6f291f263e4b30b6ffb5b
Instruction Fuzzy Hash: BB21D4754093806FEB22CF11DC44FA6BFB8EF45214F08849BE944CB652D364A908CBA5

Function 00B9AE66 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNEL32(?,?), ref: 00B9AED9

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 92b2a8594427b2a3d1bae954a93caa39cffa62dc11672ffbe2cc3ce3561d8c1f
Instruction ID: 2ea7c03fb76b899d1dab682d2675568d8042cad33dab3123c56cc21a740df4bf
Opcode Fuzzy Hash: 92b2a8594427b2a3d1bae954a93caa39cffa62dc11672ffbe2cc3ce3561d8c1f
Instruction Fuzzy Hash: 38218071501204AFEB20DF65DD85BA6FBE8EF04324F1884AAE9448B641D775E808CAA6

Function 05660CCD Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05660D50

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 3072824f83a12a442ca0e6120f661a659323c6a9a8d65acb55174c9e119aa503
Instruction ID: 8ff21040b45b524ebdf5c992cdfc6dd465061bd58451d78c682522809707198f
Opcode Fuzzy Hash: 3072824f83a12a442ca0e6120f661a659323c6a9a8d65acb55174c9e119aa503
Instruction Fuzzy Hash: 5821AAB54093806FEB12CB51DC44F96FFB8EF46224F0885DBE9449F653C364A548CB61

Function 056600E2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05660161

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: b534fb93e95fa0b257262253833ea8b7d5569deb8a5317b9e73ed0ba08a333e8
Instruction ID: aabc3a79454c9ce0afc5505f2156b67c07abc8f68e02d8354787d3efff4fdf02
Opcode Fuzzy Hash: b534fb93e95fa0b257262253833ea8b7d5569deb8a5317b9e73ed0ba08a333e8
Instruction Fuzzy Hash: 4021A472405340AFEB22CF51DC44F97FFB8EF45224F08849AE9458B652C335A408CBB1

Function 00B9ABB2 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9AC2C

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b60268c3e4fd5aea730e6ef8c81e5ae9e85f4df0dc4acce6ad2697d80d248ae3
Instruction ID: 70415cd2f99a1553ac7dbc8b9cf45c96c3e226aca78a2f409eaa93159811afad
Opcode Fuzzy Hash: b60268c3e4fd5aea730e6ef8c81e5ae9e85f4df0dc4acce6ad2697d80d248ae3
Instruction Fuzzy Hash: C8219075500604AFEB21CF15DC84FA6BBFCEF04714F0885AAE945CB651D764E808CAB6

Function 00B9A54E Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9A5B8

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: d4944c10d5f97cbdc1c1251ab469415f25cff0200c9967a4d790eec0bbf4d6ab
Instruction ID: 0402621d11cf54cd4016b45317da3dcb99c26e25c953eea14e405e7e1636f803
Opcode Fuzzy Hash: d4944c10d5f97cbdc1c1251ab469415f25cff0200c9967a4d790eec0bbf4d6ab
Instruction Fuzzy Hash: FE11A272500204AFEB21CF55DC84FAAB7ECEF14314F04856AE945CB651D775E8488BB6

Function 056624BB Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05662537

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: b177d93f9f8ed5d2d9e910103532896093c3f3ddc1d1cfbe18c7d313bb83ac77
Instruction ID: ae77c6b9a5a5c596cadcef71c928bfbeb29db4087aed1c1e6532f2cbb572308a
Opcode Fuzzy Hash: b177d93f9f8ed5d2d9e910103532896093c3f3ddc1d1cfbe18c7d313bb83ac77
Instruction Fuzzy Hash: 2E21C3754093806FEB22CF51DC44FA6BFB8EF45214F08849BE9449B652C374A508CBA6

Function 0566036A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 056603D6

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 38a3dbaa57729b1ee3484184ba241305cba61d2437bc3550ea538614a8d6dcc8
Instruction ID: b59d577daef2d47a69199f3fbd8907edab23b56b4e13586191a8fd386e050f15
Opcode Fuzzy Hash: 38a3dbaa57729b1ee3484184ba241305cba61d2437bc3550ea538614a8d6dcc8
Instruction Fuzzy Hash: BA21A171501200AFEB21DF55DD45FA6FBE8EF08324F04896EEA458B652D376E409CB61

Function 05660A56 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNEL32 ref: 05660ACA

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 60be45c2c7f5ad9eb1639d4282586579aa56538341784956027c5f50598c2241
Instruction ID: 3af8524613b0780afd542931dc0605ed57350cc40a1e522ef399ef1593055438
Opcode Fuzzy Hash: 60be45c2c7f5ad9eb1639d4282586579aa56538341784956027c5f50598c2241
Instruction Fuzzy Hash: CE21DE71401204AFEB21CF55DD48FA6FBE8EF08324F04856AE9458BA82D376E408CBA1

Function 0566125E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 056612DA

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 41528b4e417e1b05c4a9fe4e6c8adf023b82cd294e38a2a3a3c31172ecc4e368
Instruction ID: f25f5d5660f46123dfb4a56b46aa0f1bde1afa65fad6b5a759f06fff29565f7d
Opcode Fuzzy Hash: 41528b4e417e1b05c4a9fe4e6c8adf023b82cd294e38a2a3a3c31172ecc4e368
Instruction Fuzzy Hash: B2219F75408380AFDB228F51DC44B62BFF8EF06210F0885DAE9858B663D375E818DB61

Function 00B9B076 Relevance: 1.6, APIs: 1, Instructions: 66windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 00B9B0F1

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: 31f3dfaa5754b2fcaf8988a5e61d98ee2fa933503285d2ab3bf16cbc95591c90
Instruction ID: b7b2cfbfab009f3cb4164754329e639ee08bc59672862d01604bc7401c25ffe5
Opcode Fuzzy Hash: 31f3dfaa5754b2fcaf8988a5e61d98ee2fa933503285d2ab3bf16cbc95591c90
Instruction Fuzzy Hash: 8821AF72401200AFEF218F51ED41FA6FBE8EF04714F1885AAEE455A691D375E808DBA5

Function 056615FA Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 05661683

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b1f339912ef01cfd66e0166f657b003ab4217ea0a5e3b1adda3f4b83b16165ef
Instruction ID: 783dde32fb34c18eb5ce47844b18ffaa0c214dc051ae903696a0b52bce07715b
Opcode Fuzzy Hash: b1f339912ef01cfd66e0166f657b003ab4217ea0a5e3b1adda3f4b83b16165ef
Instruction Fuzzy Hash: DA11D3714053406FE721CB11DC85FA6FFB8EF46720F08809AFA449B692D2B5A948CBA5

Function 00B9ACA6 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9AD18

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 358421e04550973935ef746639fbd00f57aef612b14af80accf98a6409f3c82b
Instruction ID: 27209ae6cff7dab8504c0afeba55e2d4538ac920a4ab2fb8d2d9eb8fce1bbc63
Opcode Fuzzy Hash: 358421e04550973935ef746639fbd00f57aef612b14af80accf98a6409f3c82b
Instruction Fuzzy Hash: A0119376500604AFEF218E11DC40FA7FBECEF04715F1885AAED459BA51D765E808CAB2

Function 00B9A46A Relevance: 1.6, APIs: 1, Instructions: 65comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00B9A4DC

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: acb943cb630149a40bf738c249098fbb4cc33f0bfaad0a9374c9f8126b772da7
Instruction ID: e7624a972153a2a72c69db055488ac6328f04e1cf8a7b07dd2cdd4d4fd79db54
Opcode Fuzzy Hash: acb943cb630149a40bf738c249098fbb4cc33f0bfaad0a9374c9f8126b772da7
Instruction Fuzzy Hash: CE216D754093C09FDB128B25DC54692BFB4EF47314F0984DBD9848F2A3D2759908DBA2

Function 056607BA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 0566082C

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: df834dc47102a4e526ce63ca5bd1976efec84244802305ce9780ecfd94f78006
Instruction ID: 7667174333d5a5483f57ee551741ef214d19466e83cebd1775adfd12e80d5cd6
Opcode Fuzzy Hash: df834dc47102a4e526ce63ca5bd1976efec84244802305ce9780ecfd94f78006
Instruction Fuzzy Hash: F511B172500600AFEB61CF51DC44FA6FBE8EF04624F08856AE9468BB52D364E808CAF1

Function 05660FC2 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05661021

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: be69ee7565f7cee0de0f066409bb8ebc4eb792656ebd2295e3f03da8c147da19
Instruction ID: 6a912e21ee4b1249d7280a027b55e3652bfd2bf6d62c2fb4b60261258cb2cb7b
Opcode Fuzzy Hash: be69ee7565f7cee0de0f066409bb8ebc4eb792656ebd2295e3f03da8c147da19
Instruction Fuzzy Hash: 0911D072500244AFEB21CF51DC44FAABBA8EF04624F08C46AE9458BA51D775E808CBB1

Function 05662A66 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05662ABF

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: e48c73f1f7b25671dbbfb377452bd7e3b2332eadf72605268e577144ce6b8cf5
Instruction ID: e93ac10924e1e4adc4ec04be1c65e08bd4fe4c7a3a2bf80f04da68ba24bda28a
Opcode Fuzzy Hash: e48c73f1f7b25671dbbfb377452bd7e3b2332eadf72605268e577144ce6b8cf5
Instruction Fuzzy Hash: 8411C176500204AFEB21CF55DC84FAABBA8EF04324F08C96AED058B641D775E848CFB5

Function 05662B4A Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05662BA3

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: e48c73f1f7b25671dbbfb377452bd7e3b2332eadf72605268e577144ce6b8cf5
Instruction ID: 118bdbd6bcccf5ca081cc10920ad6e0d6b141196469ac126a2414ec816950b5e
Opcode Fuzzy Hash: e48c73f1f7b25671dbbfb377452bd7e3b2332eadf72605268e577144ce6b8cf5
Instruction Fuzzy Hash: 5511C479500204AFEB21CF55DC44FAABBA8EF04324F08C4AAED458B641D775E808CBB5

Function 00B9B3CB Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B9B436

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4b1fa24d8163a06c19546a86815716cbee25423d57003766e7a3c3eea5c84107
Instruction ID: ac06ee8ab83f31ae1224721e266971265852e10f386a7915c4bdbbf6d63b0606
Opcode Fuzzy Hash: 4b1fa24d8163a06c19546a86815716cbee25423d57003766e7a3c3eea5c84107
Instruction Fuzzy Hash: 13117271409780AFDB228F51DC44A62FFF4EF4A310F0888DEE9858B663D375A818DB61

Function 0566298A Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 056629E0

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 574f0048df475169816a5574a7e91abf167666b7ec986305036d6e39b233723c
Instruction ID: ee97919d2ed6e19b773c3870a240959c351dc0bb7aaf269c74fa73cbfa74fb81
Opcode Fuzzy Hash: 574f0048df475169816a5574a7e91abf167666b7ec986305036d6e39b233723c
Instruction Fuzzy Hash: 9C11E375501200AFEB21CF16DC44BAABBA8EF44224F08C56AED05CB641D775E808CAA5

Function 05660102 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05660161

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 2d7a6c3eead25b1579457cc4c7855375fe47bd66db112a59c0f885520f7dfeca
Instruction ID: b2e699b25c7eafe15482f91f31cb4827f772c0e78d3ea157e1461f49181ef120
Opcode Fuzzy Hash: 2d7a6c3eead25b1579457cc4c7855375fe47bd66db112a59c0f885520f7dfeca
Instruction Fuzzy Hash: A0119176400204AFEB21CF91DC44FA6FBE8EF44724F08896AEA458BA51D375E409CBB5

Function 056624DE Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05662537

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 2f4fc4ab409f0dc055e1f6801e08aafd3187e1f0ef21dbf70babac8e68bbb7d0
Instruction ID: dae1a3c8cf2022b02d064c95a9c5aab5121c7c5d8e6a36ef9bb8b15a2e890f10
Opcode Fuzzy Hash: 2f4fc4ab409f0dc055e1f6801e08aafd3187e1f0ef21dbf70babac8e68bbb7d0
Instruction Fuzzy Hash: CE11A375400204AFEB21CF55DC44FA6FBA8EF44324F08C45AED459B641D375E509CBB5

Function 05660CFA Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 05660D50

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: da8b3951977d11f3aac7460c050b7a73113c39fd21824e335e53d6c9b696b8b5
Instruction ID: e8fae8e0975be88e6244b0a3432339a8fdc8a29cedcf24a5cedbb9255bec54ad
Opcode Fuzzy Hash: da8b3951977d11f3aac7460c050b7a73113c39fd21824e335e53d6c9b696b8b5
Instruction Fuzzy Hash: 5E11C275400204AFEB21CF55DC84FA6BBA8EF44324F08C5AAED448F641D375A409CBB5

Function 0566161A Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,00000E24), ref: 05661683

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 33b2518f9fb936fd7ce259d0bef3ca7d25d718bc54a3eddbf14f1587857cee73
Instruction ID: c65eb1a7ba3d0d8ebead17e09c0a9baec00656b054dbed9c060a819d47c91029
Opcode Fuzzy Hash: 33b2518f9fb936fd7ce259d0bef3ca7d25d718bc54a3eddbf14f1587857cee73
Instruction Fuzzy Hash: 3D11CE75501200AEEB20DB11DC81FB6FBA8DF05724F08C19AEE458A781D6B9A948CAA5

Function 056625BA Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05662610

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 553a1f5c2b9cfe64ac121c4f02278dae0869bb4f0a305ca4ef53476cf83f3ba5
Instruction ID: e9958350322baa1f320a8c4b0eaa0a8fd3eed6af4a259299fbc6695d555b75bd
Opcode Fuzzy Hash: 553a1f5c2b9cfe64ac121c4f02278dae0869bb4f0a305ca4ef53476cf83f3ba5
Instruction Fuzzy Hash: A9113A795042449FDB20CF55D894FA2FBE8EF04610F08C4AADD49CBA62D375E848DFA1

Function 00B9A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 00B9A0D5

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: a40d9bd8d16ecb8468d8c6bb3bb813f04e18819b94ef7611b0c211d04c2eca29
Instruction ID: 646b5dd22508680d06b9d1e90669e38ea81b999aad1dbba887fa49b496e22719
Opcode Fuzzy Hash: a40d9bd8d16ecb8468d8c6bb3bb813f04e18819b94ef7611b0c211d04c2eca29
Instruction Fuzzy Hash: 2C11BF75409380AFDB22CF11DC44B52FFF4EF46224F0888DAED849B552C275A808DBA2

Function 00B9BE16 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,00000E24,B43DCBD4,00000000,00000000,00000000,00000000), ref: 00B9BE69

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: dfa9804c81d186fe3582c58e93309bfd075ee2277e0cb6bf4e117936aa0106bc
Instruction ID: e3fb1c7c46cd152b600a3fc969cad20405ed1bb3ae4b63b99e75f437147b6608
Opcode Fuzzy Hash: dfa9804c81d186fe3582c58e93309bfd075ee2277e0cb6bf4e117936aa0106bc
Instruction Fuzzy Hash: 5C01C471500604AEEB208B05ED84FA6BBECDF04724F18C4A6EE058B652D364E8088AA5

Function 00B9B298 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,?), ref: 00B9B2EF

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: IdleInputWait
String ID:
API String ID: 2200289081-0
Opcode ID: 38277039287b60d586733f8af111bd638569242e81c01d279e1991f4a1b3b10a
Instruction ID: 365e43f1174dc94fbf1d1d34a35936c9d3b0f5e5890a6681dde707e313d99260
Opcode Fuzzy Hash: 38277039287b60d586733f8af111bd638569242e81c01d279e1991f4a1b3b10a
Instruction Fuzzy Hash: AB115E754493809FDB11CF55DD84B56BFE8EF46220F0984EAED858B262D279A808CB62

Function 00B9AAFC Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,B43DCBD4,00000000,?,?,?,?,?,?,?,?,6CF23C58), ref: 00B9AB50

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: bdd9c4d253c36695b16f0334606d78718074ba9f73530146fe9def07b94aca6c
Instruction ID: c9cbb5631470671d6b19b882fc49ec977c7424de806465c2422bf9c8ce296fcc
Opcode Fuzzy Hash: bdd9c4d253c36695b16f0334606d78718074ba9f73530146fe9def07b94aca6c
Instruction Fuzzy Hash: 96116171409384AFDB128B15DC44B62FFF8DF46724F0984DAED858B663D265A908CBB2

Function 0566128E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 056612DA

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 546a9ef867949167e46c3639c6dee23f035f244bcfc7d9ec4afa4ab0b6f4ee32
Instruction ID: 94a75b018bd111f2131f460d764b2e826006599583cfb7e5a8d7fa84a98378ac
Opcode Fuzzy Hash: 546a9ef867949167e46c3639c6dee23f035f244bcfc7d9ec4afa4ab0b6f4ee32
Instruction Fuzzy Hash: 381182354006449FDB20CF55D884B66FBE5FF05310F08C59ADD468BA12D376E458DF61

Function 056613AE Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 056613FE

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: f269130924d98d55a9829ecc4c8bac06d7737b31cc2d2b049e905cf6414dbac4
Instruction ID: a64b022e0e757877174bee60f9d59fa6fe8b9bee06b453a1b6d7ea10e2c0ab6b
Opcode Fuzzy Hash: f269130924d98d55a9829ecc4c8bac06d7737b31cc2d2b049e905cf6414dbac4
Instruction Fuzzy Hash: 72017171500200ABD750DF16DC45B66FBE8EB88A20F14855AED099BB41D731F915CBE6

Function 00B9B3F2 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B9B436

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ed46f82d6dabce314bb95b6cf4a8fb94068c102d868b8fa840b4561531864c2d
Instruction ID: 6c7d9e56263c3a7b22e94276f03adf66fec50bd5cb76963da4bf3821c2d9a1ce
Opcode Fuzzy Hash: ed46f82d6dabce314bb95b6cf4a8fb94068c102d868b8fa840b4561531864c2d
Instruction Fuzzy Hash: 16016132400600DFDB21CF55D944B56FBE0EF08714F08C9AADE854A752D376E418EF62

Function 056602CE Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 0566031E

Memory Dump Source

Source File: 00000000.00000002.3757700578.0000000005660000.00000040.00000800.00020000.00000000.sdmp, Offset: 05660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5660000_Fast Download.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0946000430ba0d382b6bc60f46a5e96928f0a76e12967520e444b14775aee44d
Instruction ID: 5085b06d0c4453e140300bd24b588c08b63c74a5968af6a33f3d83f86bd87ef2
Opcode Fuzzy Hash: 0946000430ba0d382b6bc60f46a5e96928f0a76e12967520e444b14775aee44d
Instruction Fuzzy Hash: 3401A271500200ABD250DF16CC46F66FBE8FB88A20F14815AED089BB41D771F915CBE6

Function 00B9A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 00B9A0D5

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 8e8f3bbc529e64cf22560f45b16fab27495941d08c0833150c125e4310084c83
Instruction ID: 521c6092b45a6f41a4aba542f0a0e882f57f72623ee2f1e68961fe33e6d3d483
Opcode Fuzzy Hash: 8e8f3bbc529e64cf22560f45b16fab27495941d08c0833150c125e4310084c83
Instruction Fuzzy Hash: CA01BC364006409FDB20CF55D884B62FBE0EF05324F08C8AADE499B652D376E808DFA2

Function 00B9B2BA Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

WaitForInputIdle.USER32(?,?), ref: 00B9B2EF

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: IdleInputWait
String ID:
API String ID: 2200289081-0
Opcode ID: 407e810f8b648f805196f368fdef4b79ffb3fa5a495676d881e39d6de20d5eae
Instruction ID: c828c991cdc274e91535a7fe13e21ce6037ac1d2cd0e965936b828ec26568381
Opcode Fuzzy Hash: 407e810f8b648f805196f368fdef4b79ffb3fa5a495676d881e39d6de20d5eae
Instruction Fuzzy Hash: A6017C754042409FDB10CF56E984B65FBE4EF04320F08C4EADD498B652D37AE804DEA6

Function 00B9A4AA Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 00B9A4DC

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: f4e300338af52e3b1af22fa4d5e607e6b2474caacb45f18286265248d09e62fa
Instruction ID: d37c26e62f4e9e419b4c102462959686757283da72d12bdc1988f08a4472def7
Opcode Fuzzy Hash: f4e300338af52e3b1af22fa4d5e607e6b2474caacb45f18286265248d09e62fa
Instruction Fuzzy Hash: 14018B759002409FEB10CF15D888761FBE4EF44320F08C4EADD498F742D27AE808DEA2

Function 00B9AB1E Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(?,B43DCBD4,00000000,?,?,?,?,?,?,?,?,6CF23C58), ref: 00B9AB50

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 4246a363289a6e852baf7ae4b5d3eb98aba973905c56c566a22933bf455fc0b1
Instruction ID: 93c249ed01dcd910ab5cc2b5ed5580970f74c628b55e60f0f1b9e9768bcac753
Opcode Fuzzy Hash: 4246a363289a6e852baf7ae4b5d3eb98aba973905c56c566a22933bf455fc0b1
Instruction Fuzzy Hash: 8AF0AF758042449FDB108F05D885761FBE4EF04324F08C0EADE494BB62D3B9E808CEE2

Function 00B9A23C Relevance: 1.3, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,B43DCBD4,00000000,?,?,?,?,?,?,?,?,6CF23C58), ref: 00B9A290

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: b84f7cef3df71c6741eb393b262bb523058793741771457f403b141089ed59b7
Instruction ID: b0e45544df9909cf10d29459a1cb7281303dda29b87daaae9145d7f934278566
Opcode Fuzzy Hash: b84f7cef3df71c6741eb393b262bb523058793741771457f403b141089ed59b7
Instruction Fuzzy Hash: 2911C275509380AFDB11CF55DC84B52BFE8EF42320F0884EBED858B652D275A808CBA2

Function 00B9A25E Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,B43DCBD4,00000000,?,?,?,?,?,?,?,?,6CF23C58), ref: 00B9A290

Memory Dump Source

Source File: 00000000.00000002.3754839911.0000000000B9A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b9a000_Fast Download.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 41f25518ddc1ee3d95bcb672e99cbab3e4c3fccc1014d9ab39e04583a91cbbdc
Instruction ID: 248eb395fac75826fcc7edca98878f9a5fac3e431c6ab378fb76f549a1fbe77e
Opcode Fuzzy Hash: 41f25518ddc1ee3d95bcb672e99cbab3e4c3fccc1014d9ab39e04583a91cbbdc
Instruction Fuzzy Hash: 85018F755052409FDB10CF55D8857A6FBE4DF05320F08C4EBDD498FA52D27AE808DEA2

Function 011F07DC Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756270883.00000000011F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11f0000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8971cc977d8f20bbffaea791e626e18a08618ccc22093095a7eb317ba2fda6ed
Instruction ID: b981f14d5e8f572b34aad3b681f1d668da86d70023b4a4793957839ea4599b39
Opcode Fuzzy Hash: 8971cc977d8f20bbffaea791e626e18a08618ccc22093095a7eb317ba2fda6ed
Instruction Fuzzy Hash: D4213A31509780CFDB178B24D950B51BFB1AF4B318F1985EED4898FAA3C33A8846DB51

Function 05701E30 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3757739906.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba3f305157a0ee93b242bd5c901caadf8d69400eb04db9ad9778406f813b4fc
Instruction ID: b9127f73d20a7dbfcf23479888fc40c182fa81c4b91117781ae07dd3a45b1a69
Opcode Fuzzy Hash: dba3f305157a0ee93b242bd5c901caadf8d69400eb04db9ad9778406f813b4fc
Instruction Fuzzy Hash: 5511CCB5908341AFD350CF19D840A5BFBE4FB88664F04895EF998D7311D235E904CFA2

Function 011F0814 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756270883.00000000011F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11f0000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd3639e23ba91a538b3f05c50013a6f039f65d88d36c98b87e9ac197530b5483
Instruction ID: c9c318ca7d12027f19bc917c40812657fc5cb9d67121dd92fade41d7abb6939e
Opcode Fuzzy Hash: cd3639e23ba91a538b3f05c50013a6f039f65d88d36c98b87e9ac197530b5483
Instruction Fuzzy Hash: 3A11D630A04640DFD719CB14D940B66BBE6AB8C708F24C9ACFA491B653C77BD813CA81

Function 00BAAF48 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3754899951.0000000000BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BAA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_baa000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 246e371e170eabdb067a90be14cb67a4d637852aec58cbedeb5c939f577882fc
Instruction ID: a563fe96f7d4e93c1dc97ca0e043a0031cf93c66070ae14f54077691ff6c4ecd
Opcode Fuzzy Hash: 246e371e170eabdb067a90be14cb67a4d637852aec58cbedeb5c939f577882fc
Instruction Fuzzy Hash: 0311FAB5908301AFD350CF09DC40E5BFBE8EB88660F04891EF95997711D235E9088FA2

Function 05701CD4 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3757739906.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2af60d5e661976c6a2ac3702a610922bd01fcefbe750829a41f2e59523001b61
Instruction ID: 49496f3bc014817a4fd6c7e21655c04d9b71bb99d0d728b2b70a8b85c88c6032
Opcode Fuzzy Hash: 2af60d5e661976c6a2ac3702a610922bd01fcefbe750829a41f2e59523001b61
Instruction Fuzzy Hash: 4411FAB5908301AFD350CF09DC80E5BFBE8EB88660F04881EF95997711D235E9088FA2

Function 011F05DF Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756270883.00000000011F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11f0000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2063c8a679a74efed290cc4fadc649b8d12f17fd456ba93c1be87d5fea4a862
Instruction ID: c59f649cd0a17083631f574f2e2ac3e190ed69a7506fa6ae49f98c1dec3d0b61
Opcode Fuzzy Hash: f2063c8a679a74efed290cc4fadc649b8d12f17fd456ba93c1be87d5fea4a862
Instruction Fuzzy Hash: 48018B755097806FD7118F05AC50863FFF8DF8663070984DFE84987A52D225A808CB72

Function 011F08D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756270883.00000000011F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11f0000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b37cd60603e03a6a813dd205d6952d3fbcfb37318c7041c0da74c17324a107b
Instruction ID: 56ef5be6a080e776b3b39287f916ce32bee1d45a47f08e1f1f95d571a3c76405
Opcode Fuzzy Hash: 5b37cd60603e03a6a813dd205d6952d3fbcfb37318c7041c0da74c17324a107b
Instruction Fuzzy Hash: 90F01D35504644DFC706CF04D580B15FBA2EB89718F24CAADE94917753C737D813DA81

Function 011F0606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3756270883.00000000011F0000.00000040.00000020.00020000.00000000.sdmp, Offset: 011F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_11f0000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 936b7564390b6c36b1a4214a98863e3d7d31ab0f1fbdfd7e17768f420b35780d
Instruction ID: efe8b116a655f5eabfb37122d471365a0c9365f42d45109cdfd72f389d6ae0a7
Opcode Fuzzy Hash: 936b7564390b6c36b1a4214a98863e3d7d31ab0f1fbdfd7e17768f420b35780d
Instruction Fuzzy Hash: EBE092B66006005BD650CF0AFC41452F7D8EB84630708C47FDC0D8BB01D275B508CEE5

Function 00BAAF97 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3754899951.0000000000BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BAA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_baa000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c6eb3594e98f3bbc2425d3d6d9048ca75889f2cb7335462a46bf5f858259999
Instruction ID: 1ba3a745e5982902d4dd2d2c2752619997c15cdac8237a585db7aecbf6922840
Opcode Fuzzy Hash: 6c6eb3594e98f3bbc2425d3d6d9048ca75889f2cb7335462a46bf5f858259999
Instruction Fuzzy Hash: 8FE0D8B254020467D2108E069C45F62FB98DB44A30F08C557ED095B701D176B9048EF5

Function 05701747 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3757739906.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a211787877fc8d1e82d20a99c69a29c7082c72138b707f880b76b7e93a5720dc
Instruction ID: 87e8e2f19f66f2c39864b7cf30ae4fee88775d674a9bfd994b4169ac880a1fd9
Opcode Fuzzy Hash: a211787877fc8d1e82d20a99c69a29c7082c72138b707f880b76b7e93a5720dc
Instruction Fuzzy Hash: 2DE0D8B254020067D2109E069C45F53FB98DB40A30F08C457ED091B701D176B514CEE6

Function 05701D23 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3757739906.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afce14e68ad0c0823fb03aba9e881d5ca9ff7281dbd59c0a4a14e107939e8eeb
Instruction ID: fa44ca2ca342d7ef05f405e64a46f8f17ab93934749e4195467d9fdfc89440b8
Opcode Fuzzy Hash: afce14e68ad0c0823fb03aba9e881d5ca9ff7281dbd59c0a4a14e107939e8eeb
Instruction Fuzzy Hash: 69E0D8B254030467D2509E069C45F53FB98DB40A30F08C457ED091B702D176B5048EF6

Function 05701E9B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3757739906.0000000005700000.00000040.00000800.00020000.00000000.sdmp, Offset: 05700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5700000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1bfde21cdd32993bd29cd29df279be20cc207c230f9f3c7ed84a89964511f7ba
Instruction ID: 8953099734a45afbaf3fde4537ae230b1dac5a399f536f597c648028529c648e
Opcode Fuzzy Hash: 1bfde21cdd32993bd29cd29df279be20cc207c230f9f3c7ed84a89964511f7ba
Instruction Fuzzy Hash: 09E0D8B254030067D3108E069C45F52FB98DB44A30F08C467ED085B741D176B5148EE6

Function 00B923F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3754820096.0000000000B92000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B92000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b92000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba3703b2e03c716bce5a3ad1187793b5843d492f7ba0d1ea40a0e7eace352813
Instruction ID: 626a4ee155a86523d7bb9d3c3f848852d82fbf95b2b54c6677d1977002f242be
Opcode Fuzzy Hash: ba3703b2e03c716bce5a3ad1187793b5843d492f7ba0d1ea40a0e7eace352813
Instruction Fuzzy Hash: 8DD05E796056C15FD7169B1CC1A5F9537D4AB61718F4A84F9A8008B763C768D981D600

Function 00B923BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3754820096.0000000000B92000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B92000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_b92000_Fast Download.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b902c5eed4629093a086bf34b1b37c51023b2515c200fad29551bd307aa09450
Instruction ID: e76fbc0716c50c2f9b6aa92c3bc51783498c10250c59a501dddea02952f96788
Opcode Fuzzy Hash: b902c5eed4629093a086bf34b1b37c51023b2515c200fad29551bd307aa09450
Instruction Fuzzy Hash: 0DD05E346042814FCB25DB0CD2D4F593BD4EF40714F0644F8AC108B762C7A8D8C0CA00

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Fast Download.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Njrat

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
Fast Download.exe

Function 01161CD8 Relevance: 1.9, APIs: 1, Instructions: 394
COMMON

Function 01161CC8 Relevance: 1.8, APIs: 1, Instructions: 330
COMMON

Function 0566131A Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Function 00B9AF30 Relevance: 1.6, APIs: 1, Instructions: 101
registryCOMMON

Function 056622E2 Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Function 00B9BCC7 Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Function 05660257 Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Function 0566108C Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Function 00B9AE32 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Function 05660F84 Relevance: 1.6, APIs: 1, Instructions: 89
timeCOMMON

Function 05660880 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON