Edit tour

Windows Analysis Report
5556.rar.exe

Overview

General Information

Sample name:	5556.rar.exe
Analysis ID:	1575638
MD5:	475813f4cabffe076aefbd618a982512
SHA1:	e2febca085bd5f5ac9aa2313bab17b4565a4024b
SHA256:	ef5c02c221b5cb992728758e29195115a8f5481cf9ca5072a0616f95d00a362c
Tags:	exeNjRATuser-lontze7
Infos:

Detection

Njrat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Njrat

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to log keystrokes (.Net Source)

Creates autostart registry keys with suspicious names

Disables zone checking for all users

Drops PE files to the startup folder

Drops PE files with benign system names

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the windows firewall

Protects its processes via BreakOnTermination flag

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Sigma detected: Windows Binaries Write Suspicious Extensions

Uses an obfuscated file name to hide its real file extension (double extension)

Uses netsh to modify the Windows network and firewall settings

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Startup Folder File Write

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

5556.rar.exe (PID: 5496 cmdline: "C:\Users\user\Desktop\5556.rar.exe" MD5: 475813F4CABFFE076AEFBD618A982512)

lsass.exe (PID: 4904 cmdline: "C:\Users\user\AppData\Roaming\lsass.exe" MD5: 475813F4CABFFE076AEFBD618A982512)

netsh.exe (PID: 5432 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lsass.exe" "lsass.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)

conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

lsass.exe (PID: 5952 cmdline: "C:\Users\user\AppData\Roaming\lsass.exe" .. MD5: 475813F4CABFFE076AEFBD618A982512)

lsass.exe (PID: 4364 cmdline: "C:\Users\user\AppData\Roaming\lsass.exe" .. MD5: 475813F4CABFFE076AEFBD618A982512)

lsass.exe (PID: 280 cmdline: "C:\Users\user\AppData\Roaming\lsass.exe" .. MD5: 475813F4CABFFE076AEFBD618A982512)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Campaign ID": "", "Version": "0.7d", "Install Name": "lsass.exe", "Install Dir": "AppData", "Registry Value": "e67ceec44f16fc357df593d15ca3e96b", "Host": "188.212.158.75", "Port": "5556", "Network Seprator": "|'|'|", "Install Flag": "True"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
5556.rar.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
5556.rar.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4e4a:$a3: Download ERROR 0x4d10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4ca2:$a5: netsh firewall delete allowedprogram "
5556.rar.exe	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d10:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e68:$s3: Executed As 0x4e4a:$s6: Download ERROR
5556.rar.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4d7e:$a1: netsh firewall add allowedprogram 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4ff8:$b1: [TAP] 0x4d10:$c3: cmd.exe /c ping
5556.rar.exe	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d4e:$reg: SEE_MASK_NOZONECHECKS 0x4e26:$msg: Execute ERROR 0x4e82:$msg: Execute ERROR 0x4d10:$ping: cmd.exe /c ping 0 -n 2 & del
5556.rar.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4ca2:$s1: netsh firewall delete allowedprogram 0x4d7e:$s2: netsh firewall add allowedprogram 0x4d10:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e26:$s4: Execute ERROR 0x4e82:$s4: Execute ERROR 0x4e4a:$s5: Download ERROR 0x4fae:$s6: [kl]
Click to see the 1 entries

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Njrat_1	Yara detected Njrat	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4e4a:$a3: Download ERROR 0x4d10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4ca2:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d10:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e68:$s3: Executed As 0x4e4a:$s6: Download ERROR
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4d7e:$a1: netsh firewall add allowedprogram 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4ff8:$b1: [TAP] 0x4d10:$c3: cmd.exe /c ping
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d4e:$reg: SEE_MASK_NOZONECHECKS 0x4e26:$msg: Execute ERROR 0x4e82:$msg: Execute ERROR 0x4d10:$ping: cmd.exe /c ping 0 -n 2 & del
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4ca2:$s1: netsh firewall delete allowedprogram 0x4d7e:$s2: netsh firewall add allowedprogram 0x4d10:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e26:$s4: Execute ERROR 0x4e82:$s4: Execute ERROR 0x4e4a:$s5: Download ERROR 0x4fae:$s6: [kl]
C:\Users\user\AppData\Roaming\lsass.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
C:\Users\user\AppData\Roaming\lsass.exe	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4e4a:$a3: Download ERROR 0x4d10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4ca2:$a5: netsh firewall delete allowedprogram "
C:\Users\user\AppData\Roaming\lsass.exe	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d10:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e68:$s3: Executed As 0x4e4a:$s6: Download ERROR
C:\Users\user\AppData\Roaming\lsass.exe	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4d7e:$a1: netsh firewall add allowedprogram 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4ff8:$b1: [TAP] 0x4d10:$c3: cmd.exe /c ping
C:\Users\user\AppData\Roaming\lsass.exe	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d4e:$reg: SEE_MASK_NOZONECHECKS 0x4e26:$msg: Execute ERROR 0x4e82:$msg: Execute ERROR 0x4d10:$ping: cmd.exe /c ping 0 -n 2 & del
C:\Users\user\AppData\Roaming\lsass.exe	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4ca2:$s1: netsh firewall delete allowedprogram 0x4d7e:$s2: netsh firewall add allowedprogram 0x4d10:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e26:$s4: Execute ERROR 0x4e82:$s4: Execute ERROR 0x4e4a:$s5: Download ERROR 0x4fae:$s6: [kl]
Click to see the 7 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x26fee:$a1: get_Registry 0x220b8:$a2: SEE_MASK_NOZONECHECKS 0x280a2:$a2: SEE_MASK_NOZONECHECKS 0x2819e:$a3: Download ERROR 0x28064:$a4: cmd.exe /c ping 0 -n 2 & del " 0x27ff6:$a5: netsh firewall delete allowedprogram "
00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x22108:$a1: netsh firewall add allowedprogram 0x280d2:$a1: netsh firewall add allowedprogram 0x220b8:$a2: SEE_MASK_NOZONECHECKS 0x280a2:$a2: SEE_MASK_NOZONECHECKS 0x2834c:$b1: [TAP] 0x28064:$c3: cmd.exe /c ping
00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x220b8:$reg: SEE_MASK_NOZONECHECKS 0x280a2:$reg: SEE_MASK_NOZONECHECKS 0x2817a:$msg: Execute ERROR 0x281d6:$msg: Execute ERROR 0x28064:$ping: cmd.exe /c ping 0 -n 2 & del
00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3a9a:$a1: get_Registry 0x4b4e:$a2: SEE_MASK_NOZONECHECKS 0x4c4a:$a3: Download ERROR 0x4b10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4aa2:$a5: netsh firewall delete allowedprogram "
00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4b7e:$a1: netsh firewall add allowedprogram 0x4b4e:$a2: SEE_MASK_NOZONECHECKS 0x4df8:$b1: [TAP] 0x4b10:$c3: cmd.exe /c ping
00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4b4e:$reg: SEE_MASK_NOZONECHECKS 0x4c26:$msg: Execute ERROR 0x4c82:$msg: Execute ERROR 0x4b10:$ping: cmd.exe /c ping 0 -n 2 & del
00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: 5556.rar.exe PID: 5496	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: lsass.exe PID: 4904	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.5556.rar.exe.2b64354.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
0.2.5556.rar.exe.2b64354.0.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x1e9a:$a1: get_Registry 0x2f4e:$a2: SEE_MASK_NOZONECHECKS 0x304a:$a3: Download ERROR 0x2f10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x2ea2:$a5: netsh firewall delete allowedprogram "
0.2.5556.rar.exe.2b64354.0.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x2f10:$x1: cmd.exe /c ping 0 -n 2 & del " 0x3068:$s3: Executed As 0x304a:$s6: Download ERROR
0.2.5556.rar.exe.2b64354.0.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x2f7e:$a1: netsh firewall add allowedprogram 0x2f4e:$a2: SEE_MASK_NOZONECHECKS 0x31f8:$b1: [TAP] 0x2f10:$c3: cmd.exe /c ping
0.2.5556.rar.exe.2b64354.0.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x2f4e:$reg: SEE_MASK_NOZONECHECKS 0x3026:$msg: Execute ERROR 0x3082:$msg: Execute ERROR 0x2f10:$ping: cmd.exe /c ping 0 -n 2 & del
0.2.5556.rar.exe.2b64354.0.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x2ea2:$s1: netsh firewall delete allowedprogram 0x2f7e:$s2: netsh firewall add allowedprogram 0x2f10:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x3026:$s4: Execute ERROR 0x3082:$s4: Execute ERROR 0x304a:$s5: Download ERROR 0x31ae:$s6: [kl]
0.0.5556.rar.exe.380000.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
0.0.5556.rar.exe.380000.0.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4e4a:$a3: Download ERROR 0x4d10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4ca2:$a5: netsh firewall delete allowedprogram "
0.0.5556.rar.exe.380000.0.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d10:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e68:$s3: Executed As 0x4e4a:$s6: Download ERROR
0.0.5556.rar.exe.380000.0.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4d7e:$a1: netsh firewall add allowedprogram 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4ff8:$b1: [TAP] 0x4d10:$c3: cmd.exe /c ping
0.0.5556.rar.exe.380000.0.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d4e:$reg: SEE_MASK_NOZONECHECKS 0x4e26:$msg: Execute ERROR 0x4e82:$msg: Execute ERROR 0x4d10:$ping: cmd.exe /c ping 0 -n 2 & del
0.0.5556.rar.exe.380000.0.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4ca2:$s1: netsh firewall delete allowedprogram 0x4d7e:$s2: netsh firewall add allowedprogram 0x4d10:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e26:$s4: Execute ERROR 0x4e82:$s4: Execute ERROR 0x4e4a:$s5: Download ERROR 0x4fae:$s6: [kl]
0.2.5556.rar.exe.2b64354.0.raw.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
0.2.5556.rar.exe.2b64354.0.raw.unpack	Windows_Trojan_Njrat_30f3c220	unknown	unknown	0x3c9a:$a1: get_Registry 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4e4a:$a3: Download ERROR 0x4d10:$a4: cmd.exe /c ping 0 -n 2 & del " 0x4ca2:$a5: netsh firewall delete allowedprogram "
0.2.5556.rar.exe.2b64354.0.raw.unpack	CN_disclosed_20180208_c	Detects malware from disclosed CN malware set	Florian Roth	0x4d10:$x1: cmd.exe /c ping 0 -n 2 & del " 0x4e68:$s3: Executed As 0x4e4a:$s6: Download ERROR
0.2.5556.rar.exe.2b64354.0.raw.unpack	njrat1	Identify njRat	Brian Wallace @botnet_hunter	0x4d7e:$a1: netsh firewall add allowedprogram 0x4d4e:$a2: SEE_MASK_NOZONECHECKS 0x4ff8:$b1: [TAP] 0x4d10:$c3: cmd.exe /c ping
0.2.5556.rar.exe.2b64354.0.raw.unpack	Njrat	detect njRAT in memory	JPCERT/CC Incident Response Group	0x4d4e:$reg: SEE_MASK_NOZONECHECKS 0x4e26:$msg: Execute ERROR 0x4e82:$msg: Execute ERROR 0x4d10:$ping: cmd.exe /c ping 0 -n 2 & del
0.2.5556.rar.exe.2b64354.0.raw.unpack	MALWARE_Win_NjRAT	Detects NjRAT / Bladabindi	ditekSHen	0x4ca2:$s1: netsh firewall delete allowedprogram 0x4d7e:$s2: netsh firewall add allowedprogram 0x4d10:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 63 00 20 00 70 00 69 00 6E 00 67 0x4e26:$s4: Execute ERROR 0x4e82:$s4: Execute ERROR 0x4e4a:$s5: Download ERROR 0x4fae:$s6: [kl]
Click to see the 13 entries

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\5556.rar.exe, ProcessId: 5496, TargetFilename: C:\Users\user\AppData\Roaming\lsass.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Roaming\lsass.exe" , CommandLine: "C:\Users\user\AppData\Roaming\lsass.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\lsass.exe, NewProcessName: C:\Users\user\AppData\Roaming\lsass.exe, OriginalFileName: C:\Users\user\AppData\Roaming\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\5556.rar.exe", ParentImage: C:\Users\user\Desktop\5556.rar.exe, ParentProcessId: 5496, ParentProcessName: 5556.rar.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\lsass.exe" , ProcessId: 4904, ProcessName: lsass.exe

Sigma detected: Windows Binaries Write Suspicious Extensions

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\lsass.exe, ProcessId: 4904, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\lsass.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\lsass.exe, ProcessId: 4904, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e67ceec44f16fc357df593d15ca3e96b

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\lsass.exe, ProcessId: 4904, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\lsass.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\lsass.exe, ProcessId: 4904, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\e67ceec44f16fc357df593d15ca3e96b

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: "C:\Users\user\AppData\Roaming\lsass.exe" , CommandLine: "C:\Users\user\AppData\Roaming\lsass.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\lsass.exe, NewProcessName: C:\Users\user\AppData\Roaming\lsass.exe, OriginalFileName: C:\Users\user\AppData\Roaming\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\5556.rar.exe", ParentImage: C:\Users\user\Desktop\5556.rar.exe, ParentProcessId: 5496, ParentProcessName: 5556.rar.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\lsass.exe" , ProcessId: 4904, ProcessName: lsass.exe

Suricata Signatures

ET MALWARE Bladabindi/njRAT CnC Command (ll)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:36:57.381892+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:37:02.112650+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:06.939751+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:11.769051+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:16.611963+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:21.463298+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:26.348189+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:31.211676+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:36.033958+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:41.026002+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:45.784966+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:50.597895+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:55.443438+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49807	188.212.158.75	5556	TCP
2024-12-16T07:38:00.269136+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:05.115012+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49832	188.212.158.75	5556	TCP
2024-12-16T07:38:09.958841+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:38:14.786492+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:38:19.503639+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:24.066446+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:28.533722+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:33.011762+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:37.165582+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:41.334137+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:45.410279+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:49.425443+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:38:53.332543+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:38:57.256016+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:39:01.036484+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:04.724434+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49977	188.212.158.75	5556	TCP
2024-12-16T07:39:08.381528+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:11.974287+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:15.503052+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50004	188.212.158.75	5556	TCP
2024-12-16T07:39:18.992362+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50011	188.212.158.75	5556	TCP
2024-12-16T07:39:22.458585+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50022	188.212.158.75	5556	TCP
2024-12-16T07:39:25.918148+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50030	188.212.158.75	5556	TCP
2024-12-16T07:39:29.337101+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:32.650882+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:35.973785+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50043	188.212.158.75	5556	TCP
2024-12-16T07:39:39.237172+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:39:42.611090+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:45.937510+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:49.119580+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:52.381069+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:39:55.458893+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:58.544307+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:40:01.659044+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:04.742331+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:07.815544+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:40:10.878173+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:40:13.942109+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:17.099776+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:20.128602+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:23.183069+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:40:26.176634+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:40:29.159134+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:40:32.153283+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:40:35.127258+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:40:38.065383+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:40:41.035015+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:43.982639+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:49.064248+0100	2021176	1	Malware Command and Control Activity Detected	192.168.2.4	50066	188.212.158.75	5556	TCP

ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:36:57.381892+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:37:02.112650+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:06.939751+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:11.769051+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:16.611963+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:21.463298+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:26.348189+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:31.211676+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:36.033958+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:41.026002+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:45.784966+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:50.597895+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:55.443438+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49807	188.212.158.75	5556	TCP
2024-12-16T07:38:00.269136+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:05.115012+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49832	188.212.158.75	5556	TCP
2024-12-16T07:38:09.958841+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:38:14.786492+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:38:19.503639+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:24.066446+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:28.533722+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:33.011762+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:37.165582+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:41.334137+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:45.410279+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:49.425443+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:38:53.332543+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:38:57.256016+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:39:01.036484+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:04.724434+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49977	188.212.158.75	5556	TCP
2024-12-16T07:39:08.381528+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:11.974287+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:15.503052+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50004	188.212.158.75	5556	TCP
2024-12-16T07:39:18.992362+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50011	188.212.158.75	5556	TCP
2024-12-16T07:39:22.458585+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50022	188.212.158.75	5556	TCP
2024-12-16T07:39:25.918148+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50030	188.212.158.75	5556	TCP
2024-12-16T07:39:29.337101+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:32.650882+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:35.973785+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50043	188.212.158.75	5556	TCP
2024-12-16T07:39:39.237172+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:39:42.611090+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:45.937510+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:49.119580+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:52.381069+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:39:55.458893+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:58.544307+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:40:01.659044+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:04.742331+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:07.815544+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:40:10.878173+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:40:13.942109+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:17.099776+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:20.128602+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:23.183069+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:40:26.176634+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:40:29.159134+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:40:32.153283+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:40:35.127258+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:40:38.065383+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:40:41.035015+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:43.982639+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:49.064248+0100	2033132	1	Malware Command and Control Activity Detected	192.168.2.4	50066	188.212.158.75	5556	TCP

ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:37:03.149331+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:27.727197+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:47.832737+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:52.066852+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:38:02.346343+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:02.466183+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:02.892474+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:10.438381+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:38:20.482561+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:26.120517+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.240851+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.362260+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.482401+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:29.133178+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:29.373202+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:29.915061+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:30.034869+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:30.154956+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:33.259516+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:33.522180+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:39.083579+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.222919+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.359974+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.479988+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.837455+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:42.173741+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.293566+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.413835+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.596077+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:43.497040+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:43.616847+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:45.770989+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:46.697150+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:46.817072+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:54.412719+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:38:59.418114+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:38:59.876877+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:39:02.911265+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:03.031493+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:03.405249+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:10.188500+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.308484+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.635447+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.919836+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:11.039657+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:13.175123+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:14.396951+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:14.517444+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:30.262005+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:30.381773+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:30.501591+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:32.894886+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:33.633586+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:33.873290+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:42.988374+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:46.177903+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:49.359163+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:49.478874+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:55.809667+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:55.929432+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:40:02.631336+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:02.751324+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:03.053909+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:03.293744+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:05.342915+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:15.983104+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:16.103206+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:19.500780+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:19.631565+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:19.751452+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:20.607656+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:22.670805+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:22.792173+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:23.542755+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:40:43.490589+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:44.995573+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:46.560451+0100	2825564	1	Malware Command and Control Activity Detected	192.168.2.4	50065	188.212.158.75	5556	TCP

ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:36:57.501651+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:37:02.236564+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:07.060148+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:11.890182+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:16.731831+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:21.586920+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:26.468513+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:31.331698+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:36.153963+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:41.145856+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:45.905041+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:50.717794+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:38:33.135012+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:40:49.183984+0100	2825563	1	Malware Command and Control Activity Detected	192.168.2.4	50066	188.212.158.75	5556	TCP

ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50030	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50022	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49832	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50004	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49977	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50043	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50011	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:17.441745+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:38:52.076554+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:39:41.881192+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:40:01.069760+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:40:07.146451+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:09.978364+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:40:13.163563+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:40:28.583243+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:40:31.562850+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:40:34.560161+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:40:37.414042+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:40:40.225036+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:40:43.490589+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:46.560451+0100	2814860	1	Malware Command and Control Activity Detected	192.168.2.4	50065	188.212.158.75	5556	TCP

ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-16T07:36:57.501651+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:37:02.236564+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:07.060148+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:11.890182+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:16.731831+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:21.586920+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:26.468513+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:31.331698+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:36.153963+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:41.145856+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:45.905041+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:50.717794+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:55.564618+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49807	188.212.158.75	5556	TCP
2024-12-16T07:38:33.135012+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:39:29.457012+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:42.730902+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:46.058030+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:49.239340+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:52.500918+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:39:55.578623+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:40:49.183984+0100	2838486	1	Malware Command and Control Activity Detected	192.168.2.4	50066	188.212.158.75	5556	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 5556.rar.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	Avira: detection malicious, Label: TR/Dropper.Gen7
Source: C:\Users\user\AppData\Roaming\lsass.exe	Avira: detection malicious, Label: TR/Dropper.Gen7

Found malware configuration

Source: 0.0.5556.rar.exe.380000.0.unpack

Malware Configuration Extractor: Njrat {"Campaign ID": "", "Version": "0.7d", "Install Name": "lsass.exe", "Install Dir": "AppData", "Registry Value": "e67ceec44f16fc357df593d15ca3e96b", "Host": "188.212.158.75", "Port": "5556", "Network Seprator": "|'|'|", "Install Flag": "True"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	ReversingLabs: Detection: 94%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	Virustotal: Detection: 87%	Perma Link
Source: C:\Users\user\AppData\Roaming\lsass.exe	ReversingLabs: Detection: 94%
Source: C:\Users\user\AppData\Roaming\lsass.exe	Virustotal: Detection: 87%	Perma Link

Multi AV Scanner detection for submitted file

Source: 5556.rar.exe	Virustotal: Detection: 87%			Perma Link
Source: 5556.rar.exe	ReversingLabs: Detection: 94%

Yara detected Njrat

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5556.rar.exe, type: SAMPLE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5556.rar.exe PID: 5496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lsass.exe PID: 4904, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\lsass.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 5556.rar.exe

Joe Sandbox ML: detected

Source: 5556.rar.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\5556.rar.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: 5556.rar.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49743 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49743 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49742 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49741 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49771 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49771 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49771 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49795 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49795 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49741 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49795 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49745 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49741 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49743 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49743 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49735 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49771 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49795 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49741 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49795 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49735 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49742 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49738 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49742 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49735 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49745 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49735 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49738 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49742 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49784 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49739 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49739 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49739 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49739 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49743 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49832 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49832 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49745 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49807 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49807 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49738 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49738 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49807 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49784 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49738 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49784 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49784 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49784 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49745 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49740 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49844 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49740 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49817 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49740 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49817 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49740 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49844 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49888 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49844 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49888 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49888 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49817 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49899 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49899 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49899 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49899 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49899 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49877 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49877 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49855 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49855 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49921 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49877 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49921 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49866 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49866 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49866 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49921 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49927 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49927 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49927 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49855 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49949 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49949 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49938 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49949 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49938 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49910 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49910 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49938 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49966 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49910 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49756 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49966 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49756 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:49756 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:49756 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49977 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49977 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49966 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49985 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49985 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49994 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49994 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:49957 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:49957 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49985 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49994 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50004 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50004 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50011 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50011 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50022 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50022 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50030 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50030 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50039 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50039 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50039 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50039 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50042 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50042 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50043 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50042 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50043 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50044 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50044 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50046 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50046 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50046 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50046 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50045 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50045 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50048 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50048 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50045 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50048 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50045 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50049 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50049 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50049 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50051 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50049 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50051 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50044 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50052 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50052 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50051 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50050 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50052 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50050 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:49957 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50054 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50053 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50054 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50053 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50055 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50055 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50056 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50056 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50058 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50058 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50052 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50058 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50059 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50059 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50060 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50060 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50057 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50057 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50057 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50054 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50055 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50062 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50062 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50056 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50059 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50060 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50053 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50065 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50064 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50065 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50064 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50061 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50061 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50065 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50062 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50064 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50064 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50065 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50061 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50063 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50063 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50047 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50047 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50063 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50047 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.4:50047 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.4:50066 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.4:50066 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.4:50066 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.4:50066 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50050 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50047 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50030 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50039 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50045 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50022 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49966 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49832 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50051 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49899 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50004 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49844 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50057 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50049 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49927 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49977 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50046 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50048 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49877 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50056 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49994 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50043 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49910 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50055 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49949 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50042 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49985 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50011 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49957 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49888 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:50058 -> 188.212.158.75:5556
Source: Network traffic	Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.4:49866 -> 188.212.158.75:5556

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 188.212.158.75

Source: global traffic

TCP traffic: 192.168.2.4:49735 -> 188.212.158.75:5556

Source: Joe Sandbox View

ASN Name: DIALTELECOMRO DIALTELECOMRO

Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75
Source: unknown	TCP traffic detected without corresponding DNS query: 188.212.158.75

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 5556.rar.exe, kl.cs	.Net Code: VKCodeToUnicode
Source: lsass.exe.0.dr, kl.cs	.Net Code: VKCodeToUnicode
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, kl.cs	.Net Code: VKCodeToUnicode
Source: e67ceec44f16fc357df593d15ca3e96b.exe.1.dr, kl.cs	.Net Code: VKCodeToUnicode

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5556.rar.exe, type: SAMPLE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5556.rar.exe PID: 5496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lsass.exe PID: 4904, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED

Operating System Destruction

Protects its processes via BreakOnTermination flag

Source: C:\Users\user\AppData\Roaming\lsass.exe

Process information set: 01 00 00 00

Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: 5556.rar.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 5556.rar.exe, type: SAMPLE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 5556.rar.exe, type: SAMPLE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 5556.rar.exe, type: SAMPLE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 5556.rar.exe, type: SAMPLE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: Detects malware from disclosed CN malware set Author: Florian Roth
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: Identify njRat Author: Brian Wallace @botnet_hunter
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: Detects NjRAT / Bladabindi Author: ditekSHen

Source: C:\Users\user\AppData\Roaming\lsass.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B5BBC6 NtSetInformationProcess,		1_2_01B5BBC6
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B5BBA4 NtSetInformationProcess,		1_2_01B5BBA4

Source: 5556.rar.exe, 00000000.00000002.1837394364.00000000009EE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamemscorwks.dllT vs 5556.rar.exe

Source: 5556.rar.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 5556.rar.exe, type: SAMPLE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 5556.rar.exe, type: SAMPLE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 5556.rar.exe, type: SAMPLE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 5556.rar.exe, type: SAMPLE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 5556.rar.exe, type: SAMPLE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
Source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED	Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi

Source: classification engine

Classification label: mal100.phis.troj.adwa.spyw.evad.winEXE@9/5@0/1

Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B5B876 AdjustTokenPrivileges,		1_2_01B5B876
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B5B83F AdjustTokenPrivileges,		1_2_01B5B83F

Source: C:\Users\user\Desktop\5556.rar.exe

File created: C:\Users\user\AppData\Roaming\lsass.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Roaming\lsass.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\AppData\Roaming\lsass.exe	Mutant created: \Sessions\1\BaseNamedObjects\e67ceec44f16fc357df593d15ca3e96b
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03

Source: 5556.rar.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 5556.rar.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\5556.rar.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\5556.rar.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 5556.rar.exe	Virustotal: Detection: 87%
Source: 5556.rar.exe	ReversingLabs: Detection: 94%

Source: C:\Users\user\Desktop\5556.rar.exe

File read: C:\Users\user\Desktop\5556.rar.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\5556.rar.exe "C:\Users\user\Desktop\5556.rar.exe"
Source: C:\Users\user\Desktop\5556.rar.exe	Process created: C:\Users\user\AppData\Roaming\lsass.exe "C:\Users\user\AppData\Roaming\lsass.exe"
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lsass.exe" "lsass.exe" ENABLE
Source: C:\Windows\SysWOW64\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\lsass.exe "C:\Users\user\AppData\Roaming\lsass.exe" ..
Source: unknown	Process created: C:\Users\user\AppData\Roaming\lsass.exe "C:\Users\user\AppData\Roaming\lsass.exe" ..
Source: unknown	Process created: C:\Users\user\AppData\Roaming\lsass.exe "C:\Users\user\AppData\Roaming\lsass.exe" ..
Source: C:\Users\user\Desktop\5556.rar.exe	Process created: C:\Users\user\AppData\Roaming\lsass.exe "C:\Users\user\AppData\Roaming\lsass.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lsass.exe" "lsass.exe" ENABLE	Jump to behavior

Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ifmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasmontr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mfc42u.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: authfwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwpolicyiomgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcmonitor.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3cfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dot3api.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: onex.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: eappprxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: fwcfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: hnetmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netshell.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netsetupapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: netiohlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: httpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: activeds.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: polstore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winipsec.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: adsldpc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: nshwfp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2pnetsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: p2p.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rpcnsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: whhelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlancfg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wlanapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wshelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: peerdistsh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wcmapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mobilenetworking.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: mprmsg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Section loaded: uxtheme.dll	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: 5556.rar.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\5556.rar.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: 5556.rar.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: 5556.rar.exe, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: lsass.exe.0.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
Source: e67ceec44f16fc357df593d15ca3e96b.exe.1.dr, OK.cs	.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\5556.rar.exe	Code function: 0_2_00962805 push edi; ret	0_2_00962806
Source: C:\Users\user\Desktop\5556.rar.exe	Code function: 0_2_0096284C push ecx; ret	0_2_0096284E
Source: C:\Users\user\Desktop\5556.rar.exe	Code function: 0_2_00962834 push edi; ret	0_2_00962842
Source: C:\Users\user\Desktop\5556.rar.exe	Code function: 0_2_00962979 push eax; ret	0_2_0096297A
Source: C:\Users\user\Desktop\5556.rar.exe	Code function: 0_2_009627A5 push edi; ret	0_2_009627A6
Source: C:\Users\user\Desktop\5556.rar.exe	Code function: 0_2_00962729 push edi; ret	0_2_0096272A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52834 push edi; ret	1_2_01B52842
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52FB1 push edi; ret	1_2_01B52FB2
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52E30 push eax; ret	1_2_01B52E32
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52979 push eax; ret	1_2_01B5297A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B527A5 push edi; ret	1_2_01B527A6
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52E60 push eax; ret	1_2_01B52E62
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52729 push edi; ret	1_2_01B5272A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52805 push edi; ret	1_2_01B52806
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B52DC7 push edi; ret	1_2_01B52DD2
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 1_2_01B5284C push ecx; ret	1_2_01B5284E
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 7_2_013E2979 push eax; ret	7_2_013E297A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 7_2_013E2834 push edi; ret	7_2_013E2842
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 7_2_013E2729 push edi; ret	7_2_013E272A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 7_2_013E27A5 push edi; ret	7_2_013E27A6
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 7_2_013E284C push ecx; ret	7_2_013E284E
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 7_2_013E2805 push edi; ret	7_2_013E2806
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 8_2_02EB2729 push edi; ret	8_2_02EB272A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 8_2_02EB27A5 push edi; ret	8_2_02EB27A6
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 8_2_02EB2979 push eax; ret	8_2_02EB297A
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 8_2_02EB2834 push edi; ret	8_2_02EB2842
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 8_2_02EB284C push ecx; ret	8_2_02EB284E
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 8_2_02EB2805 push edi; ret	8_2_02EB2806
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 9_2_030E284C push ecx; ret	9_2_030E284E
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 9_2_030E2805 push edi; ret	9_2_030E2806
Source: C:\Users\user\AppData\Roaming\lsass.exe	Code function: 9_2_030E2729 push edi; ret	9_2_030E272A

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Users\user\Desktop\5556.rar.exe

File created: C:\Users\user\AppData\Roaming\lsass.exe

Jump to dropped file

Source: C:\Users\user\Desktop\5556.rar.exe	File created: C:\Users\user\AppData\Roaming\lsass.exe			Jump to dropped file
Source: C:\Users\user\AppData\Roaming\lsass.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe			Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Users\user\AppData\Roaming\lsass.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b

Jump to behavior

Drops PE files to the startup folder

Source: C:\Users\user\AppData\Roaming\lsass.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Jump to dropped file

Source: C:\Users\user\AppData\Roaming\lsass.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses an obfuscated file name to hide its real file extension (double extension)

Source: Possible double extension: rar.exe

Static PE information: 5556.rar.exe

Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\5556.rar.exe	Memory allocated: D20000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Memory allocated: 2B40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\5556.rar.exe	Memory allocated: D90000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 1BF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 3C40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 5C40000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 2DE0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 3480000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 5480000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 2F50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 3640000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 2F50000 memory commit \| memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 3180000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 3840000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Memory allocated: 5840000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\5556.rar.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe	Window / User API: threadDelayed 1617	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Window / User API: threadDelayed 3460	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Window / User API: threadDelayed 4096	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Window / User API: foregroundWindowGot 1755	Jump to behavior

Source: C:\Users\user\Desktop\5556.rar.exe TID: 2992	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe TID: 4124	Thread sleep time: -1617000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe TID: 4124	Thread sleep time: -4096000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe TID: 7080	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe TID: 6064	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe TID: 1748	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\5556.rar.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: lsass.exe, 00000001.00000002.4228259881.0000000001671000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000004.00000003.1908253640.0000000001182000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Roaming\lsass.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\5556.rar.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: 5556.rar.exe, kl.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: 5556.rar.exe, kl.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)
Source: 5556.rar.exe, OK.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)

Source: C:\Users\user\Desktop\5556.rar.exe

Process created: C:\Users\user\AppData\Roaming\lsass.exe "C:\Users\user\AppData\Roaming\lsass.exe"

Jump to behavior

Source: lsass.exe, 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: lsass.exe, 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9

Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\lsass.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\netsh.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Roaming\lsass.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Disables zone checking for all users

Source: C:\Users\user\AppData\Roaming\lsass.exe

Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS

Jump to behavior

Modifies the windows firewall

Source: C:\Users\user\AppData\Roaming\lsass.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lsass.exe" "lsass.exe" ENABLE

Uses netsh to modify the Windows network and firewall settings

Source: C:\Users\user\AppData\Roaming\lsass.exe

Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lsass.exe" "lsass.exe" ENABLE

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5556.rar.exe, type: SAMPLE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5556.rar.exe PID: 5496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lsass.exe PID: 4904, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 5556.rar.exe, type: SAMPLE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.5556.rar.exe.380000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.5556.rar.exe.2b64354.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5556.rar.exe PID: 5496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: lsass.exe PID: 4904, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Roaming\lsass.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	221 Registry Run Keys / Startup Folder	1 Access Token Manipulation	21 Masquerading	1 Input Capture	11 Security Software Discovery	Remote Services	1 Input Capture	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	12 Process Injection	31 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	221 Registry Run Keys / Startup Folder	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Process Injection	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Obfuscated Files or Information	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
5556.rar.exe	88%	Virustotal		Browse
5556.rar.exe	95%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
5556.rar.exe	100%	Avira	TR/Dropper.Gen7
5556.rar.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	100%	Avira	TR/Dropper.Gen7
C:\Users\user\AppData\Roaming\lsass.exe	100%	Avira	TR/Dropper.Gen7
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\lsass.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	95%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe	88%	Virustotal		Browse
C:\Users\user\AppData\Roaming\lsass.exe	95%	ReversingLabs	ByteCode-MSIL.Backdoor.njRAT
C:\Users\user\AppData\Roaming\lsass.exe	88%	Virustotal		Browse

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
188.212.158.75	unknown	Romania		6910	DIALTELECOMRO	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1575638
Start date and time:	2024-12-16 07:35:39 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	5556.rar.exe
Detection:	MAL
Classification:	mal100.phis.troj.adwa.spyw.evad.winEXE@9/5@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 161 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
01:37:26	API Interceptor	412064x Sleep call for process: lsass.exe modified
06:36:57	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b "C:\Users\user\AppData\Roaming\lsass.exe" ..
06:37:05	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b "C:\Users\user\AppData\Roaming\lsass.exe" ..
06:37:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run e67ceec44f16fc357df593d15ca3e96b "C:\Users\user\AppData\Roaming\lsass.exe" ..
06:37:21	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
DIALTELECOMRO	hax.sh4.elf	Get hash	malicious	Mirai	Browse	93.118.210.183
	rendel#U00e9s_1023200000000000305.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	86.107.36.93
	meerkat.arm5.elf	Get hash	malicious	Mirai	Browse	89.47.221.99
	Objedn#U00e1vka_20248481119000903.img	Get hash	malicious	AgentTesla, GuLoader	Browse	86.107.36.93
	mipsel.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	188.240.230.166
	mpsl.elf	Get hash	malicious	Mirai	Browse	93.114.246.9
	#U00c1raj#U00e1nlat k#U00e9r#U00e9s MOL093478524#U00b7docx.exe	Get hash	malicious	DBatLoader, FormBook	Browse	92.114.2.230
	Amalgamers.exe	Get hash	malicious	AgentTesla	Browse	86.107.36.93
	#U00c1raj#U00e1nlat k#U00e9r#U00e9s 06.11.2024.cmd	Get hash	malicious	DBatLoader, FormBook	Browse	92.114.2.230
	FLITTIGL.EXE.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	86.107.36.93

Process:	C:\Users\user\Desktop\5556.rar.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\lsass.exe.log

Download File

Process:	C:\Users\user\AppData\Roaming\lsass.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	525
Entropy (8bit):	5.259753436570609
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
MD5:	260E01CC001F9C4643CA7A62F395D747
SHA1:	492AD0ACE3A9C8736909866EEA168962D418BE5A
SHA-256:	4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
SHA-512:	01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

Download File

Process:	C:\Users\user\AppData\Roaming\lsass.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24064
Entropy (8bit):	5.511658847706215
Encrypted:	false
SSDEEP:	384:hFHuitNFzA0yUVky2n0Yxga06agwXh/+f1mRvR6JZlbw8hqIusZzZZa:a6F2RNnB+Rpcnuj
MD5:	475813F4CABFFE076AEFBD618A982512
SHA1:	E2FEBCA085BD5F5AC9AA2313BAB17B4565A4024B
SHA-256:	EF5C02C221B5CB992728758E29195115A8F5481CF9CA5072A0616F95D00A362C
SHA-512:	5B253580F9147CA689C076B8F044E26AE37D5A2575C3FD02EC8E67C12CD273EBCC2C31C5631608340AE2D78F1DBE17F128909D4354118B4EF74BA27660C9CA76
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, Author: unknown Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, Author: Florian Roth Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, Author: JPCERT/CC Incident Response Group Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 95% Antivirus: Virustotal, Detection: 88%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r.f.................V..........nt... ........@.. ....................................@..................................t..W.......@............................................................................ ............... ..H............text...tT... ...V.................. ..`.rsrc...@............X..............@..@.reloc...............\..............@..B................Pt......H.......,K...(....../....................................................0..........r...p.....r...p...........r...p.....r!..p.....r1..p.....rs..p.....r...p.....r...p.....r...p(.........r...p(.........r...p(.........r...p(.........(....o....s.........s.....................r...p...........s......... ..............r...p..............0..;.......~....o....o....r...p~....(.....o.....o......%(.....(...............,,.......0..D.......~....o....o....r...p~....(....o......(....o.....

C:\Users\user\AppData\Roaming\lsass.exe

Download File

Process:	C:\Users\user\Desktop\5556.rar.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	24064
Entropy (8bit):	5.511658847706215
Encrypted:	false
SSDEEP:	384:hFHuitNFzA0yUVky2n0Yxga06agwXh/+f1mRvR6JZlbw8hqIusZzZZa:a6F2RNnB+Rpcnuj
MD5:	475813F4CABFFE076AEFBD618A982512
SHA1:	E2FEBCA085BD5F5AC9AA2313BAB17B4565A4024B
SHA-256:	EF5C02C221B5CB992728758E29195115A8F5481CF9CA5072A0616F95D00A362C
SHA-512:	5B253580F9147CA689C076B8F044E26AE37D5A2575C3FD02EC8E67C12CD273EBCC2C31C5631608340AE2D78F1DBE17F128909D4354118B4EF74BA27660C9CA76
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: unknown Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: Florian Roth Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: JPCERT/CC Incident Response Group Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 95% Antivirus: Virustotal, Detection: 88%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r.f.................V..........nt... ........@.. ....................................@..................................t..W.......@............................................................................ ............... ..H............text...tT... ...V.................. ..`.rsrc...@............X..............@..@.reloc...............\..............@..B................Pt......H.......,K...(....../....................................................0..........r...p.....r...p...........r...p.....r!..p.....r1..p.....rs..p.....r...p.....r...p.....r...p(.........r...p(.........r...p(.........r...p(.........(....o....s.........s.....................r...p...........s......... ..............r...p..............0..;.......~....o....o....r...p~....(.....o.....o......%(.....(...............,,.......0..D.......~....o....o....r...p~....(....o......(....o.....

\Device\ConDrv

Download File

Process:	C:\Windows\SysWOW64\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	313
Entropy (8bit):	4.971939296804078
Encrypted:	false
SSDEEP:	6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
MD5:	689E2126A85BF55121488295EE068FA1
SHA1:	09BAAA253A49D80C18326DFBCA106551EBF22DD6
SHA-256:	D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
SHA-512:	C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
Malicious:	false
Preview:	..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.511658847706215
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	5556.rar.exe
File size:	24'064 bytes
MD5:	475813f4cabffe076aefbd618a982512
SHA1:	e2febca085bd5f5ac9aa2313bab17b4565a4024b
SHA256:	ef5c02c221b5cb992728758e29195115a8f5481cf9ca5072a0616f95d00a362c
SHA512:	5b253580f9147ca689c076b8f044e26ae37d5a2575c3fd02ec8e67c12cd273ebcc2c31c5631608340ae2d78f1dbe17f128909d4354118b4ef74ba27660c9ca76
SSDEEP:	384:hFHuitNFzA0yUVky2n0Yxga06agwXh/+f1mRvR6JZlbw8hqIusZzZZa:a6F2RNnB+Rpcnuj
TLSH:	C3B2190E3F698856C5BC167486B5965003B5D1870413EE2FCDC960CBAFB3AD92D8CAF9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r.f.................V..........nt... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x40746e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66AB7299 [Thu Aug 1 11:33:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7414	0x57	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x240	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x5474	0x5600	910a9d1ca4988cde5ad9426d1d5e7864	False	0.48846293604651164	data	5.558424897842657	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x240	0x400	0243c9a7f8755f2c2b18037cdad6cc91	False	0.310546875	data	4.966081339698093	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x200	244385a828c8a3fb5ce307bb566c042a	False	0.044921875	data	0.07763316234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x8058	0x1e7	XML 1.0 document, ASCII text, with CRLF line terminators			0.5338809034907598

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50030	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50022	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49832	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50004	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49977	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50043	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50011	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:36:40.941155+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:36:57.381892+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:36:57.381892+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:36:57.501651+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:36:57.501651+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49735	188.212.158.75	5556	TCP
2024-12-16T07:37:02.112650+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:02.112650+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:02.236564+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:02.236564+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:03.149331+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49738	188.212.158.75	5556	TCP
2024-12-16T07:37:06.939751+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:06.939751+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:07.060148+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:07.060148+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49739	188.212.158.75	5556	TCP
2024-12-16T07:37:11.769051+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:11.769051+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:11.890182+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:11.890182+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49740	188.212.158.75	5556	TCP
2024-12-16T07:37:16.611963+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:16.611963+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:16.731831+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:16.731831+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49741	188.212.158.75	5556	TCP
2024-12-16T07:37:21.463298+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:21.463298+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:21.586920+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:21.586920+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49742	188.212.158.75	5556	TCP
2024-12-16T07:37:26.348189+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:26.348189+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:26.468513+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:26.468513+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:27.727197+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49743	188.212.158.75	5556	TCP
2024-12-16T07:37:31.211676+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:31.211676+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:31.331698+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:31.331698+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49745	188.212.158.75	5556	TCP
2024-12-16T07:37:36.033958+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:36.033958+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:36.153963+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:36.153963+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49756	188.212.158.75	5556	TCP
2024-12-16T07:37:41.026002+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:41.026002+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:41.145856+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:41.145856+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49771	188.212.158.75	5556	TCP
2024-12-16T07:37:45.784966+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:45.784966+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:45.905041+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:45.905041+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:47.832737+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49784	188.212.158.75	5556	TCP
2024-12-16T07:37:50.597895+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:50.597895+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:50.717794+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:50.717794+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:52.066852+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49795	188.212.158.75	5556	TCP
2024-12-16T07:37:55.443438+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49807	188.212.158.75	5556	TCP
2024-12-16T07:37:55.443438+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49807	188.212.158.75	5556	TCP
2024-12-16T07:37:55.564618+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49807	188.212.158.75	5556	TCP
2024-12-16T07:38:00.269136+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:00.269136+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:02.346343+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:02.466183+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:02.892474+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49817	188.212.158.75	5556	TCP
2024-12-16T07:38:05.115012+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49832	188.212.158.75	5556	TCP
2024-12-16T07:38:05.115012+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49832	188.212.158.75	5556	TCP
2024-12-16T07:38:09.958841+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:38:09.958841+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:38:10.438381+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49844	188.212.158.75	5556	TCP
2024-12-16T07:38:14.786492+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:38:14.786492+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:38:17.441745+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49855	188.212.158.75	5556	TCP
2024-12-16T07:38:19.503639+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:19.503639+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:20.482561+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49866	188.212.158.75	5556	TCP
2024-12-16T07:38:24.066446+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:24.066446+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.120517+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.240851+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.362260+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:26.482401+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49877	188.212.158.75	5556	TCP
2024-12-16T07:38:28.533722+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:28.533722+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:29.133178+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:29.373202+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:29.915061+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:30.034869+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:30.154956+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49888	188.212.158.75	5556	TCP
2024-12-16T07:38:33.011762+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:33.011762+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:33.135012+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:33.135012+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:33.259516+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:33.522180+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49899	188.212.158.75	5556	TCP
2024-12-16T07:38:37.165582+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:37.165582+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.083579+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.222919+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.359974+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.479988+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:39.837455+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49910	188.212.158.75	5556	TCP
2024-12-16T07:38:41.334137+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:41.334137+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.173741+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.293566+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.413835+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:42.596077+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:43.497040+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:43.616847+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49921	188.212.158.75	5556	TCP
2024-12-16T07:38:45.410279+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:45.410279+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:45.770989+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:46.697150+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:46.817072+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49927	188.212.158.75	5556	TCP
2024-12-16T07:38:49.425443+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:38:49.425443+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:38:52.076554+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	49938	188.212.158.75	5556	TCP
2024-12-16T07:38:53.332543+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:38:53.332543+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:38:54.412719+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49949	188.212.158.75	5556	TCP
2024-12-16T07:38:57.256016+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:38:57.256016+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:38:59.418114+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:38:59.876877+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49957	188.212.158.75	5556	TCP
2024-12-16T07:39:01.036484+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:01.036484+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:02.911265+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:03.031493+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:03.405249+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49966	188.212.158.75	5556	TCP
2024-12-16T07:39:04.724434+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49977	188.212.158.75	5556	TCP
2024-12-16T07:39:04.724434+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49977	188.212.158.75	5556	TCP
2024-12-16T07:39:08.381528+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:08.381528+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.188500+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.308484+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.635447+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:10.919836+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:11.039657+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49985	188.212.158.75	5556	TCP
2024-12-16T07:39:11.974287+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:11.974287+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:13.175123+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:14.396951+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:14.517444+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	49994	188.212.158.75	5556	TCP
2024-12-16T07:39:15.503052+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50004	188.212.158.75	5556	TCP
2024-12-16T07:39:15.503052+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50004	188.212.158.75	5556	TCP
2024-12-16T07:39:18.992362+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50011	188.212.158.75	5556	TCP
2024-12-16T07:39:18.992362+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50011	188.212.158.75	5556	TCP
2024-12-16T07:39:22.458585+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50022	188.212.158.75	5556	TCP
2024-12-16T07:39:22.458585+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50022	188.212.158.75	5556	TCP
2024-12-16T07:39:25.918148+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50030	188.212.158.75	5556	TCP
2024-12-16T07:39:25.918148+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50030	188.212.158.75	5556	TCP
2024-12-16T07:39:29.337101+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:29.337101+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:29.457012+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:30.262005+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:30.381773+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:30.501591+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50039	188.212.158.75	5556	TCP
2024-12-16T07:39:32.650882+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:32.650882+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:32.894886+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:33.633586+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:33.873290+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50042	188.212.158.75	5556	TCP
2024-12-16T07:39:35.973785+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50043	188.212.158.75	5556	TCP
2024-12-16T07:39:35.973785+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50043	188.212.158.75	5556	TCP
2024-12-16T07:39:39.237172+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:39:39.237172+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:39:41.881192+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50044	188.212.158.75	5556	TCP
2024-12-16T07:39:42.611090+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:42.611090+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:42.730902+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:42.988374+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50045	188.212.158.75	5556	TCP
2024-12-16T07:39:45.937510+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:45.937510+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:46.058030+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:46.177903+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50046	188.212.158.75	5556	TCP
2024-12-16T07:39:49.119580+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:49.119580+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:49.239340+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:49.359163+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:49.478874+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50047	188.212.158.75	5556	TCP
2024-12-16T07:39:52.381069+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:39:52.381069+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:39:52.500918+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50048	188.212.158.75	5556	TCP
2024-12-16T07:39:55.458893+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:55.458893+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:55.578623+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:55.809667+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:55.929432+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50049	188.212.158.75	5556	TCP
2024-12-16T07:39:58.544307+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:39:58.544307+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:40:01.069760+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50050	188.212.158.75	5556	TCP
2024-12-16T07:40:01.659044+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:01.659044+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:02.631336+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:02.751324+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:03.053909+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:03.293744+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50051	188.212.158.75	5556	TCP
2024-12-16T07:40:04.742331+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:04.742331+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:05.342915+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:07.146451+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50052	188.212.158.75	5556	TCP
2024-12-16T07:40:07.815544+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:40:07.815544+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:40:09.978364+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50053	188.212.158.75	5556	TCP
2024-12-16T07:40:10.878173+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:40:10.878173+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:40:13.163563+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50054	188.212.158.75	5556	TCP
2024-12-16T07:40:13.942109+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:13.942109+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:15.983104+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:16.103206+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50055	188.212.158.75	5556	TCP
2024-12-16T07:40:17.099776+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:17.099776+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:19.500780+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:19.631565+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:19.751452+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50056	188.212.158.75	5556	TCP
2024-12-16T07:40:20.128602+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:20.128602+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:20.607656+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:22.670805+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:22.792173+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50057	188.212.158.75	5556	TCP
2024-12-16T07:40:23.183069+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:40:23.183069+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:40:23.542755+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50058	188.212.158.75	5556	TCP
2024-12-16T07:40:26.176634+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:40:26.176634+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:40:28.583243+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50059	188.212.158.75	5556	TCP
2024-12-16T07:40:29.159134+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:40:29.159134+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:40:31.562850+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50060	188.212.158.75	5556	TCP
2024-12-16T07:40:32.153283+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:40:32.153283+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:40:34.560161+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50061	188.212.158.75	5556	TCP
2024-12-16T07:40:35.127258+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:40:35.127258+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:40:37.414042+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50062	188.212.158.75	5556	TCP
2024-12-16T07:40:38.065383+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:40:38.065383+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:40:40.225036+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50063	188.212.158.75	5556	TCP
2024-12-16T07:40:41.035015+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:41.035015+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:43.490589+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:43.490589+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50064	188.212.158.75	5556	TCP
2024-12-16T07:40:43.982639+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:43.982639+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:44.995573+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:46.560451+0100	2825564	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)	1	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:46.560451+0100	2814860	ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)	1	192.168.2.4	50065	188.212.158.75	5556	TCP
2024-12-16T07:40:49.064248+0100	2033132	ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)	1	192.168.2.4	50066	188.212.158.75	5556	TCP
2024-12-16T07:40:49.064248+0100	2021176	ET MALWARE Bladabindi/njRAT CnC Command (ll)	1	192.168.2.4	50066	188.212.158.75	5556	TCP
2024-12-16T07:40:49.183984+0100	2825563	ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)	1	192.168.2.4	50066	188.212.158.75	5556	TCP
2024-12-16T07:40:49.183984+0100	2838486	ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)	1	192.168.2.4	50066	188.212.158.75	5556	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 16, 2024 07:36:57.154419899 CET	49735	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:36:57.274142981 CET	5556	49735	188.212.158.75	192.168.2.4
Dec 16, 2024 07:36:57.274216890 CET	49735	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:36:57.381891966 CET	49735	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:36:57.501600027 CET	5556	49735	188.212.158.75	192.168.2.4
Dec 16, 2024 07:36:57.501651049 CET	49735	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:36:57.621334076 CET	5556	49735	188.212.158.75	192.168.2.4
Dec 16, 2024 07:36:59.980710030 CET	5556	49735	188.212.158.75	192.168.2.4
Dec 16, 2024 07:36:59.980784893 CET	49735	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:01.988898039 CET	49735	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:01.989402056 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:02.108752012 CET	5556	49735	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:02.109163046 CET	5556	49738	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:02.109323025 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:02.112649918 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:02.233254910 CET	5556	49738	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:02.236563921 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:02.356415033 CET	5556	49738	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:03.149331093 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:03.269165993 CET	5556	49738	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:04.806638956 CET	5556	49738	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:04.806747913 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:06.816827059 CET	49738	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:06.817195892 CET	49739	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:06.936522007 CET	5556	49738	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:06.936834097 CET	5556	49739	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:06.936908007 CET	49739	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:06.939750910 CET	49739	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:07.060039043 CET	5556	49739	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:07.060148001 CET	49739	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:07.179846048 CET	5556	49739	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:09.635133982 CET	5556	49739	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:09.635210991 CET	49739	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:11.644534111 CET	49739	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:11.646143913 CET	49740	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:11.764324903 CET	5556	49739	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:11.765876055 CET	5556	49740	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:11.765984058 CET	49740	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:11.769051075 CET	49740	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:11.890069962 CET	5556	49740	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:11.890182018 CET	49740	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:12.010195971 CET	5556	49740	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:14.482635975 CET	5556	49740	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:14.482753992 CET	49740	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:16.488221884 CET	49740	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:16.488723040 CET	49741	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:16.607938051 CET	5556	49740	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:16.608504057 CET	5556	49741	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:16.608566046 CET	49741	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:16.611963034 CET	49741	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:16.731662989 CET	5556	49741	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:16.731831074 CET	49741	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:16.851573944 CET	5556	49741	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:19.307292938 CET	5556	49741	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:19.307362080 CET	49741	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:21.316498041 CET	49741	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:21.316847086 CET	49742	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:21.436438084 CET	5556	49741	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:21.436623096 CET	5556	49742	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:21.438858032 CET	49742	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:21.463298082 CET	49742	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:21.583026886 CET	5556	49742	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:21.586920023 CET	49742	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:21.706903934 CET	5556	49742	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:24.219496012 CET	5556	49742	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:24.219786882 CET	49742	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:26.222644091 CET	49742	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:26.223081112 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:26.342425108 CET	5556	49742	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:26.342808008 CET	5556	49743	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:26.344542027 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:26.348189116 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:26.467967987 CET	5556	49743	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:26.468513012 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:26.588300943 CET	5556	49743	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:27.727196932 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:27.846951008 CET	5556	49743	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:29.061152935 CET	5556	49743	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:29.064589977 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:31.067276001 CET	49743	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:31.074990988 CET	49745	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:31.187228918 CET	5556	49743	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:31.194803953 CET	5556	49745	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:31.194886923 CET	49745	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:31.211675882 CET	49745	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:31.331542015 CET	5556	49745	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:31.331697941 CET	49745	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:31.451631069 CET	5556	49745	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:33.905601025 CET	5556	49745	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:33.908601046 CET	49745	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:35.910085917 CET	49745	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:35.910660028 CET	49756	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:36.029948950 CET	5556	49745	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:36.030391932 CET	5556	49756	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:36.030724049 CET	49756	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:36.033957958 CET	49756	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:36.153784990 CET	5556	49756	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:36.153963089 CET	49756	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:36.273746014 CET	5556	49756	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:38.749104023 CET	5556	49756	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:38.749188900 CET	49756	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:40.844474077 CET	49756	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:40.845138073 CET	49771	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:40.964185953 CET	5556	49756	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:40.964806080 CET	5556	49771	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:40.964920044 CET	49771	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:41.026001930 CET	49771	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:41.145755053 CET	5556	49771	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:41.145855904 CET	49771	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:41.265692949 CET	5556	49771	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:43.654051065 CET	5556	49771	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:43.654179096 CET	49771	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:45.660161972 CET	49771	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:45.660847902 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:45.780128002 CET	5556	49771	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:45.780531883 CET	5556	49784	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:45.780632973 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:45.784965992 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:45.904876947 CET	5556	49784	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:45.905040979 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:46.024983883 CET	5556	49784	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:47.832736969 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:47.953032970 CET	5556	49784	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:48.465754032 CET	5556	49784	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:48.465898037 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:50.472719908 CET	49784	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:50.473350048 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:50.593462944 CET	5556	49784	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:50.593513012 CET	5556	49795	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:50.593636036 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:50.597894907 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:50.717689037 CET	5556	49795	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:50.717793941 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:50.839057922 CET	5556	49795	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:52.066852093 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:52.186877966 CET	5556	49795	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:53.312402964 CET	5556	49795	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:53.312478065 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:55.316966057 CET	49795	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:55.317598104 CET	49807	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:55.436610937 CET	5556	49795	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:55.437314034 CET	5556	49807	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:55.437433004 CET	49807	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:55.443438053 CET	49807	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:55.563369036 CET	5556	49807	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:55.564618111 CET	49807	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:37:55.684483051 CET	5556	49807	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:58.138092995 CET	5556	49807	188.212.158.75	192.168.2.4
Dec 16, 2024 07:37:58.138288975 CET	49807	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.144481897 CET	49807	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.145035028 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.264303923 CET	5556	49807	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.264725924 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.264880896 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.269135952 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.390549898 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.392261982 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.512183905 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.512408972 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.632213116 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.632493973 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.752444983 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.752768993 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.874567986 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.874640942 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:00.994455099 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:00.994623899 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.114834070 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.114990950 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.234730959 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.236991882 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.357784033 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.357862949 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.477659941 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.479290962 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.599203110 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.599340916 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.719724894 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.719856977 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.839766979 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:01.840074062 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:01.960206985 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:02.346343040 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:02.466095924 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:02.466182947 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:02.585851908 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:02.892473936 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:02.984473944 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:02.984568119 CET	49817	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:03.012128115 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:03.104379892 CET	5556	49817	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:04.991030931 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.110999107 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.111099958 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.115011930 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.234719038 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.234833956 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.354545116 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.354754925 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.474416971 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.474507093 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.594201088 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.594260931 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.713920116 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.714051962 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.833730936 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.833959103 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:05.954420090 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:05.954492092 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.074331999 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.074712992 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.194593906 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.194670916 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.314526081 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.314620018 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.434724092 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.434993982 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.554824114 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.554960966 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.674741983 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.674880981 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.794539928 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.794627905 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:06.914294958 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:06.914359093 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.034135103 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.034203053 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.153955936 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.154016972 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.273823023 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.273911953 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.393659115 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.393755913 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.513592958 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.513876915 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.633745909 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.633832932 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.753851891 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.753978014 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.828423977 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.828509092 CET	49832	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:07.873703003 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:07.948448896 CET	5556	49832	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:09.832899094 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:09.952723980 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:09.952852011 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:09.958841085 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.078686953 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.078795910 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.198560953 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.198683977 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.318491936 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.318559885 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.438318968 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.438380957 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.558051109 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.558171988 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.677920103 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.678117037 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.797952890 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.798032045 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:10.917792082 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:10.917977095 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.037758112 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.037828922 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.157560110 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.157763004 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.277482033 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.277610064 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.397347927 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.397438049 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.517342091 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.517409086 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.637186050 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.637377977 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.757333994 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.757428885 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.877315044 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.877531052 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:11.997359991 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:11.997493982 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.117424011 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.119137049 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.239257097 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.243236065 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.363296986 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.364775896 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.484536886 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.486033916 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.605741978 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.605839968 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.658523083 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.659013033 CET	49844	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:12.725572109 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:12.778863907 CET	5556	49844	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:14.660871983 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:14.780590057 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:14.783371925 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:14.786492109 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:14.906260967 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:14.906693935 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.026612043 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.030713081 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.150470972 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.150554895 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.270355940 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.270432949 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.390384912 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.390640974 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.510617018 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.510742903 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.630527020 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.630649090 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.750324965 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.750432014 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.870124102 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.870194912 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:15.990082979 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:15.990149975 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.110011101 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.111728907 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.231494904 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.236608982 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.356698990 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.359381914 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.479243040 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.479731083 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.599540949 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.600610971 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.720339060 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.720746994 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.840538979 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.841629982 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:16.961426973 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:16.961515903 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:17.081362009 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:17.082170963 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:17.201901913 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:17.202121973 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:17.321856022 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:17.321932077 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:17.441668034 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:17.441745043 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:17.502490044 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:17.502594948 CET	49855	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:17.561403036 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:17.622337103 CET	5556	49855	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:19.380896091 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:19.500699043 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:19.500804901 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:19.503638983 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:19.623334885 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:19.623404026 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:19.743097067 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:20.482561111 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:20.716156006 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:20.716270924 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:20.838459969 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:20.838591099 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:20.958323956 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:20.958405018 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.078227997 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.078318119 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.198009014 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.199773073 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.319643021 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.323184013 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.442972898 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.444591999 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.564349890 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.564446926 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.684199095 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.684269905 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.804020882 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.807068110 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:21.927623987 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:21.928206921 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:22.047883987 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:22.048844099 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:22.168618917 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:22.168697119 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:22.187664032 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:22.187809944 CET	49866	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:22.288450003 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:22.308037043 CET	5556	49866	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:23.942905903 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.062840939 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.062984943 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.066446066 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.186193943 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.186841011 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.306711912 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.307501078 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.427272081 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.427659988 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.547405958 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.547996044 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.667800903 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.667907953 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.788212061 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.789681911 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:24.910201073 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:24.910269976 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.030689955 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.031996965 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.151820898 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.151912928 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.271826029 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.275382996 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.395246029 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.396693945 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.516462088 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.516678095 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.636328936 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.638919115 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.758897066 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.760798931 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:25.880661011 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:25.880728006 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:26.000566959 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.000669003 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:26.120429993 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.120517015 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:26.240792990 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.240850925 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:26.361951113 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.362260103 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:26.482310057 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.482400894 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:26.602205992 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.768372059 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:26.768459082 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.410244942 CET	49877	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.411179066 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.529987097 CET	5556	49877	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:28.530877113 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:28.531028986 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.533721924 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.653413057 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:28.653548956 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.773407936 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:28.773590088 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:28.893312931 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:28.893450022 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:29.013187885 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:29.013281107 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:29.133017063 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:29.133177996 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:29.253185987 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:29.253273964 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:29.373059034 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:29.373202085 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:29.492993116 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:29.915060997 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.034785986 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.034868956 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.154633045 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.154956102 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.274705887 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.274888992 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.394604921 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.394725084 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.514462948 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.514624119 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.634368896 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.634649038 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.754503012 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.754632950 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.874430895 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.874644041 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:30.994541883 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:30.994626999 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:31.114729881 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:31.118968010 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:31.237116098 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:31.238754034 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:31.238842010 CET	49888	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:31.358681917 CET	5556	49888	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:32.786178112 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:32.905843019 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:32.905946970 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.011761904 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.134938002 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:33.135011911 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.259438038 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:33.259516001 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.522119999 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:33.522180080 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.643502951 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:33.643563986 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.763540030 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:33.763623953 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:33.883455038 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:33.883569956 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.003395081 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.003501892 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.124012947 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.125751972 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.245825052 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.245922089 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.365722895 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.366624117 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.486844063 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.486983061 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.606781006 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.606864929 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.726608992 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.726707935 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.846446991 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.846625090 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:34.966387033 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:34.968357086 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.088159084 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.088598013 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.208362103 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.208446026 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.328237057 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.328299046 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.447993040 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.448079109 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.568300009 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.568375111 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.610110044 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.610228062 CET	49899	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:35.688035965 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:35.729974985 CET	5556	49899	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.039434910 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.159198999 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.159341097 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.165581942 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.285263062 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.285366058 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.405055046 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.405214071 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.524981022 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.525064945 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.644818068 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.644933939 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.764741898 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.764834881 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:37.884644985 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:37.884773016 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.004561901 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.004647970 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.124600887 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.124804020 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.244489908 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.244642019 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.364433050 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.364500046 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.484256983 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.484330893 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.604156017 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.604355097 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.724124908 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.724265099 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.843977928 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.844044924 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:38.963713884 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:38.963793993 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.083493948 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.083579063 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.203413010 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.222918987 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.342794895 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.359973907 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.479907036 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.479988098 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.599759102 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.837455034 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.878283024 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.878350973 CET	49910	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:39.957627058 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:39.998150110 CET	5556	49910	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.210437059 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.330116987 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.330250025 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.334136963 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.453799963 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.453883886 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.573585033 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.573674917 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.693432093 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.693694115 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.813486099 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.813566923 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:41.933208942 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:41.933310032 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:42.053934097 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:42.053999901 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:42.173675060 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:42.173741102 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:42.293422937 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:42.293565989 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:42.413763046 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:42.413835049 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:42.533529997 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:42.596076965 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:42.715821028 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:43.497040033 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:43.616770983 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:43.616847038 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:43.925976992 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:43.948519945 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:43.948684931 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:44.045720100 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:44.045838118 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:44.049815893 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:44.049880028 CET	49921	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:44.068440914 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:44.165632010 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:44.169564962 CET	5556	49921	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:45.285650015 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:45.405606031 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:45.407113075 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:45.410279036 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:45.529998064 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:45.531006098 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:45.650695086 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:45.650784016 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:45.770504951 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:45.770988941 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:45.890830994 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:46.697149992 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:46.816885948 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:46.817071915 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:46.936971903 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:46.937052011 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.056914091 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.057004929 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.176883936 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.178850889 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.298789978 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.298865080 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.418792963 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.419015884 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.538947105 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.539954901 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.659709930 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.660475016 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.780497074 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.780647039 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:47.900300980 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:47.900413990 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:48.020176888 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:48.020385027 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:48.140173912 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:48.140657902 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:48.143824100 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:48.143912077 CET	49927	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:48.260520935 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:48.263674974 CET	5556	49927	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:49.302418947 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:49.422295094 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:49.422424078 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:49.425442934 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:49.545253992 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:49.545320034 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:49.665003061 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:49.665128946 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:49.784878016 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:49.785166979 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:49.904891014 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:49.905090094 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.024797916 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.024908066 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.148320913 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.148503065 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.269911051 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.270071030 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.389853001 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.392667055 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.512454987 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.512643099 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.632384062 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.632663012 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.752455950 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.752564907 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.872386932 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.872695923 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:50.992671967 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:50.996684074 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.116456032 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.116635084 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.236381054 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.236511946 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.356187105 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.356302023 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.476200104 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.476495028 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.596492052 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.596612930 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.716402054 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.716532946 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.836318016 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.836539984 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:51.956357956 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:51.956469059 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:52.076340914 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:52.076554060 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:52.125992060 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:52.126085997 CET	49938	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:52.196839094 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:52.245857000 CET	5556	49938	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.207940102 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.327877998 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.328027010 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.332542896 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.452280998 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.452421904 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.572346926 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.572459936 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.692267895 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.692383051 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.812207937 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.812302113 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:53.932148933 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:53.932220936 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.051935911 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.052059889 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.171917915 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.172811985 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.292646885 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.292879105 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.412622929 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.412719011 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.532464027 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.532788992 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.654922009 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.656631947 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.776456118 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.776647091 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:54.896408081 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:54.896545887 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.016273022 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.016745090 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.136395931 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.136790037 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.256576061 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.256663084 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.376439095 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.376521111 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.496386051 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.496579885 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.616683960 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.617260933 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.737072945 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.737176895 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.856887102 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.856977940 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:55.976783037 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:55.976861000 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:56.018210888 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:56.018280983 CET	49949	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:56.096707106 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:56.138015032 CET	5556	49949	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.035762072 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.252775908 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.252856016 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.256016016 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.375827074 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.375896931 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.495603085 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.495671034 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.615360975 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.615417004 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.735131979 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.735199928 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.854892969 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.854967117 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:57.974654913 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:57.974723101 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.094527960 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.094654083 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.214507103 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.214960098 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.334791899 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.335700989 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.455472946 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.455631971 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.575439930 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.575521946 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.695343971 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.695712090 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.815392971 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.816345930 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:58.936067104 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:58.936645985 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.056469917 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:59.056730986 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.176640034 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:59.178051949 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.298119068 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:59.298209906 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.418025970 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:59.418113947 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.537964106 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:59.876877069 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.956000090 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:38:59.956063032 CET	49957	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:38:59.996786118 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:00.075823069 CET	5556	49957	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:00.912967920 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.033269882 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.033627033 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.036484003 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.156672955 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.157008886 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.276844978 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.280822039 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.401667118 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.401768923 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.521646976 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.521749973 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.641592979 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.644705057 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.764543056 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.764637947 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:01.884474039 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:01.884629011 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.004535913 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.004743099 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.124453068 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.124872923 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.244612932 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.244807005 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.366254091 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.366337061 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.486583948 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.486705065 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.607212067 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.607405901 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:02.727220058 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:02.911264896 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:03.031291962 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:03.031492949 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:03.151397943 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:03.405249119 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:03.525223970 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:03.525300980 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:03.645029068 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:03.645092010 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:03.721070051 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:03.721136093 CET	49966	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:03.764817953 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:03.840873003 CET	5556	49966	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:04.598639965 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:04.718550920 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:04.720678091 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:04.724433899 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:04.844125032 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:04.844624996 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:04.964792967 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:04.965742111 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.085591078 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.087532043 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.207880020 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.208129883 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.329659939 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.329869986 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.454215050 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.454360008 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.576776028 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.576919079 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.699697971 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.699893951 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.820554018 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.820723057 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:05.940383911 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:05.940872908 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.060617924 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.060769081 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.180701017 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.180852890 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.300570965 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.300966024 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.420902967 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.421030045 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.540750027 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.541579008 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.661320925 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.661478996 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.781167030 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.784668922 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:06.904383898 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:06.904679060 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:07.024818897 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:07.025058985 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:07.144814014 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:07.145709991 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:07.266854048 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:07.266999006 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:07.386823893 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:07.386941910 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:07.426835060 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:07.426912069 CET	49977	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:07.507533073 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:07.546680927 CET	5556	49977	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.254452944 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.374202967 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.376737118 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.381527901 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.501368046 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.501460075 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.621243954 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.622395992 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.742902040 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.742983103 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.862787008 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.864662886 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:08.984386921 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:08.984659910 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.104490042 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.104651928 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.224447012 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.224514008 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.344424009 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.344527960 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.468187094 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.468261003 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.588035107 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.588112116 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.708702087 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.708795071 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.828500986 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.828571081 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:09.948563099 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:09.948668003 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:10.068429947 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:10.068588018 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:10.188404083 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:10.188499928 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:10.308427095 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:10.308484077 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:10.428253889 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:10.635447025 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:10.755481958 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:10.919836044 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:11.039593935 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:11.039657116 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:11.083780050 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:11.083841085 CET	49985	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:11.159653902 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:11.203509092 CET	5556	49985	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:11.848228931 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:11.967984915 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:11.971050024 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:11.974287033 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.094140053 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.095035076 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.214754105 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.214821100 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.334557056 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.334642887 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.454440117 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.454516888 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.574301004 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.574400902 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.694494009 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.694616079 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.814574957 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.814764023 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:12.934969902 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:12.935071945 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:13.055155993 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:13.055233955 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:13.175040007 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:13.175122976 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:13.295233965 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:13.296716928 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:13.416735888 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:13.418695927 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:13.538513899 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:14.396950960 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:14.517376900 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:14.517443895 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:14.637461901 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:14.637523890 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:14.661755085 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:14.661825895 CET	49994	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:14.757276058 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:14.781536102 CET	5556	49994	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:15.379518032 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:15.499290943 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:15.499427080 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:15.503051996 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:15.622777939 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:15.624653101 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:15.745918989 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:15.748684883 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:15.870011091 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:15.872668982 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:15.992477894 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:15.995170116 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.114844084 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.116631985 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.236327887 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.236443996 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.356895924 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.357021093 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.476731062 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.476802111 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.596506119 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.596587896 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.716336966 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.716417074 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.836278915 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.836513996 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:16.956243992 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:16.956382990 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.076096058 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.076180935 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.195890903 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.195976019 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.315793037 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.315865040 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.435619116 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.435741901 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.555510044 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.555587053 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.675357103 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.675417900 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.795140982 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.795207024 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:17.914999008 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:17.915086985 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:18.034861088 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:18.034977913 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:18.154671907 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:18.154759884 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:18.190960884 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:18.191056967 CET	50004	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:18.274715900 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:18.310826063 CET	5556	50004	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:18.864491940 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:18.984411955 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:18.988507986 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:18.992362022 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.112212896 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.114855051 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.234729052 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.234805107 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.355022907 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.355125904 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.475001097 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.475087881 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.595107079 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.595252991 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.715276003 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.715364933 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.835185051 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.835268974 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:19.955089092 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:19.955173969 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.075073957 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.075185061 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.195081949 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.195219040 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.315074921 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.315340996 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.435182095 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.435332060 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.555172920 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.555525064 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.675438881 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.675616026 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.795492887 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.795654058 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:20.916398048 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:20.916579008 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.037086964 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.037329912 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.157215118 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.157298088 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.277769089 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.277873993 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.397607088 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.397746086 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.517545938 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.517613888 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.638905048 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.638994932 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.707149029 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.707223892 CET	50011	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:21.759052992 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:21.826946020 CET	5556	50011	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:22.333082914 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:22.452845097 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:22.452965975 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:22.458585024 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:22.578485966 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:22.578562021 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:22.698359966 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:22.698451042 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:22.818233967 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:22.818319082 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:22.938038111 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:22.938158035 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.059606075 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.059731960 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.179433107 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.179529905 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.299282074 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.300652981 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.420408010 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.420689106 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.540433884 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.540514946 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.660398960 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.660512924 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.780348063 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.780448914 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:23.900214911 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:23.900289059 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.020087957 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.024666071 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.144722939 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.147703886 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.267587900 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.267676115 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.387516975 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.387614965 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.507474899 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.507549047 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.627370119 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.627449989 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.747523069 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.747612000 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.867675066 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.867759943 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:24.987879038 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:24.988081932 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:25.108143091 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:25.108221054 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:25.177824974 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:25.177903891 CET	50022	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:25.227955103 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:25.297739029 CET	5556	50022	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:25.789031982 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:25.908972025 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:25.912697077 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:25.918148041 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.037996054 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.039557934 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.159523010 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.160902023 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.280781031 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.281013966 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.400934935 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.401026011 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.520886898 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.520987034 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.640719891 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.640791893 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.760545015 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.760708094 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:26.880697966 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:26.881077051 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.000895023 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.000998020 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.120672941 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.120881081 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.240617990 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.242021084 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.361753941 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.361920118 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.481630087 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.481755972 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.601470947 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.601538897 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.721190929 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.721265078 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.840984106 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.841053009 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:27.961224079 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:27.961333990 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.081235886 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.081394911 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.201288939 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.201374054 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.321250916 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.321418047 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.441472054 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.441553116 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.562175989 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.562238932 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.651907921 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.651978970 CET	50030	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:28.681982994 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:28.771713018 CET	5556	50030	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:29.193635941 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:29.313863993 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:29.315186024 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:29.337100983 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:29.456857920 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:29.457011938 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:29.577037096 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.262005091 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:30.381699085 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.381772995 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:30.501480103 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.501590967 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:30.621238947 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.621309996 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:30.741906881 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.742028952 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:30.861849070 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.862030983 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:30.981785059 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:30.981849909 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.101622105 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.101701021 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.221462965 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.221568108 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.341378927 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.344717026 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.464518070 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.464639902 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.584916115 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.584985971 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.704628944 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.707633018 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.827435970 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.828674078 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:31.948482037 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:31.948666096 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:32.003801107 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:32.004452944 CET	50039	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:32.068373919 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:32.127055883 CET	5556	50039	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:32.525743961 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:32.645482063 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:32.645579100 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:32.650882006 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:32.773860931 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:32.773930073 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:32.894659996 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:32.894886017 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:33.014637947 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:33.633585930 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:33.753319025 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:33.753403902 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:33.873198032 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:33.873290062 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:33.994149923 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:33.994257927 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.114505053 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.115228891 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.234982967 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.236881971 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.356719017 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.356933117 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.476804972 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.476917982 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.596832037 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.596944094 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.716737032 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.716824055 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:34.907257080 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:34.907352924 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.028080940 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.028156996 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.148334026 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.148525953 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.269025087 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.269098043 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.375423908 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.375510931 CET	50042	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.388787985 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.495539904 CET	5556	50042	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.851440907 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.971343994 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:35.971419096 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:35.973784924 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.093688965 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.093851089 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.213609934 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.213696957 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.334111929 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.334181070 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.453922987 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.454081059 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.573770046 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.573838949 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.693664074 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.693758965 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.813477039 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.813556910 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:36.933257103 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:36.933348894 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.053210974 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.053303957 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.174065113 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.174139023 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.293916941 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.293999910 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.413764954 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.414165974 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.534071922 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.534338951 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.654017925 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.654126883 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.773962021 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.774048090 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:37.893737078 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:37.893908024 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.013727903 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.013966084 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.133721113 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.133795977 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.253549099 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.253638029 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.373337030 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.373413086 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.493273973 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.493376017 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.613172054 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.613270998 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.660176039 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.660250902 CET	50043	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:38.733223915 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:38.780237913 CET	5556	50043	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.113919020 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.233840942 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.233956099 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.237171888 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.356980085 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.357050896 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.476835966 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.480715036 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.600442886 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.600547075 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.720247984 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.720484972 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.840173960 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.840248108 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:39.959928989 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:39.960779905 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.080600023 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.080694914 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.200423002 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.201800108 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.321574926 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.321666956 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.441334009 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.441422939 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.561094999 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.561167955 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.680874109 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.680947065 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.801145077 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.801338911 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:40.920948029 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:40.921144009 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.040868998 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.040961981 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.160598040 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.160676003 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.280647993 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.280848026 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.400592089 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.400757074 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.520483017 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.520553112 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.640259027 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.640324116 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.760143042 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.760332108 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:41.881124973 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:41.881191969 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.000999928 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.001065969 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.005105972 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.005167007 CET	50044	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.120764971 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.124876022 CET	5556	50044	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.436999083 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.558228016 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.558502913 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.611089945 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.730823994 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.730901957 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:42.850615978 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:42.988373995 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.108207941 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.108273029 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.228101969 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.228168011 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.347852945 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.347910881 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.467562914 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.467628956 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.587260962 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.587394953 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.707133055 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.707209110 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.826942921 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.827049971 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:43.946795940 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:43.946953058 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.066728115 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.066816092 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.186585903 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.186707973 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.306519985 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.308675051 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.428384066 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.428740025 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.548485994 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.548677921 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.668365955 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.668682098 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.788469076 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.788655996 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:44.908363104 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:44.908442020 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:45.028103113 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:45.028681040 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:45.148446083 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:45.148547888 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:45.254234076 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:45.254347086 CET	50045	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:45.268395901 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:45.374043941 CET	5556	50045	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:45.703744888 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:45.823698997 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:45.823803902 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:45.937510014 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.057948112 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.058029890 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.177839041 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.177902937 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.297781944 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.297842026 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.417571068 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.417732000 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.537384033 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.537480116 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.657413006 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.657485008 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.777206898 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.777298927 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:46.896956921 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:46.897077084 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.016813040 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.017026901 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.136986017 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.137079000 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.256859064 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.256928921 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.376579046 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.376681089 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.496362925 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.496588945 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.616312027 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.616389990 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.736151934 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.736238003 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.855921984 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.856000900 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:47.975680113 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:47.975764036 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:48.112085104 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.112216949 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:48.232116938 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.232376099 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:48.352195024 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.352272987 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:48.472064018 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.472150087 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:48.519884109 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.519958973 CET	50046	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:48.591869116 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.639674902 CET	5556	50046	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:48.882478952 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.002207041 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.002329111 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.119580030 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.239264011 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.239340067 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.359105110 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.359163046 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.478820086 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.478873968 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.598613977 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.598695993 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.718400002 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.718503952 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.838627100 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.838705063 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:49.958803892 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:49.958883047 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.078632116 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.078814030 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.198582888 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.198694944 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.318619013 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.318739891 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.438740015 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.438823938 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.558485031 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.558588982 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.678899050 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.678973913 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.798702002 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.800461054 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:50.920161963 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:50.922688007 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.042363882 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.042762995 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.162542105 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.162633896 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.282464027 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.282543898 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.402482033 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.402549982 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.522233009 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.522319078 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.642095089 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.642278910 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.725935936 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.726033926 CET	50047	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:51.761970997 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:51.845743895 CET	5556	50047	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.067241907 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.206617117 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.206717968 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.381068945 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.500850916 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.500917912 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.620649099 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.620735884 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.740473986 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.740556002 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.860338926 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.860637903 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:52.980458975 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:52.980778933 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.100660086 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.100888968 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.220729113 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.220819950 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.340579987 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.340712070 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.460478067 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.464812994 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.584580898 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.588473082 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.708209038 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.708314896 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.828222036 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.828804016 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:53.948633909 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:53.952827930 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.074455023 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.076880932 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.196978092 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.200792074 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.320715904 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.320805073 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.441530943 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.441629887 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.563370943 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.563441992 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.683373928 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.683456898 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.803360939 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.803467989 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.911669970 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:54.911761045 CET	50048	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:54.923221111 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:55.031582117 CET	5556	50048	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:55.243757010 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:55.363689899 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:55.363789082 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:55.458893061 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:55.578553915 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:55.578623056 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:55.698262930 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:55.809667110 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:55.929378986 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:55.929431915 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.049143076 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.049262047 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.169015884 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.169116020 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.288892984 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.289150953 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.408987999 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.409318924 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.529593945 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.529773951 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.649466991 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.649538994 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.769269943 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.769412994 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:56.889319897 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:56.889414072 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.009202003 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.009361982 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.129136086 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.129277945 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.249275923 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.249480009 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.369338989 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.369561911 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.489379883 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.489480019 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.610766888 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.610903978 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.730633974 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.730714083 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.850621939 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.850697994 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:57.970474005 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:57.970621109 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.090662956 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.090739965 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.104624987 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.104696035 CET	50049	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.210433006 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.224566936 CET	5556	50049	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.421196938 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.540970087 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.541229963 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.544306993 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.670568943 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.670731068 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.790416002 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.790486097 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:58.910176992 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:58.910269022 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.029970884 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.030050993 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.149799109 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.149981976 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.269798040 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.269952059 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.390141964 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.390290976 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.510056019 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.510155916 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.629968882 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.630105019 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.749954939 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.750137091 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.870038033 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.870132923 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:39:59.990000963 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:39:59.990086079 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.110322952 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.110404968 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.230325937 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.230403900 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.350122929 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.350183964 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.469933033 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.470010042 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.589771032 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.589899063 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.709661961 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.709888935 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.829653025 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.829782963 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:00.949740887 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:00.949858904 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.069605112 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.069760084 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.189497948 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.189567089 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.259876013 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.259993076 CET	50050	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.309931993 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.379707098 CET	5556	50050	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.535995007 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.655982018 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.656126022 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.659044027 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.778851986 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.778939962 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:01.898845911 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:01.899002075 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:02.018940926 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:02.019195080 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:02.139036894 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:02.139256001 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:02.259450912 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:02.259722948 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:02.380436897 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:02.631335974 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:02.751250029 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:02.751323938 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:02.871155024 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.053909063 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.173887968 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.173954964 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.293678999 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.293744087 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.413579941 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.413819075 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.533689976 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.533987045 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.653851032 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.653943062 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.773736000 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.773802042 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:03.893569946 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:03.893672943 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.015430927 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.015676975 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.136318922 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.136559963 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.257436991 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.257586956 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.350842953 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.351031065 CET	50051	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.377620935 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.470886946 CET	5556	50051	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.615297079 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.735111952 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.735378981 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.742331028 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.862166882 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.862412930 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:04.982239008 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:04.982338905 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.102148056 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.102350950 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.222075939 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.222162008 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.342796087 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.342915058 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.462718010 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.462905884 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.582763910 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.583014011 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.702744007 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.702960968 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.822714090 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.822958946 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:05.942833900 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:05.942943096 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.062856913 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.063098907 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.183568954 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.183830023 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.303977966 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.304058075 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.423841000 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.423918009 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.543677092 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.543759108 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.663523912 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.663758039 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.783582926 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.783715010 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:06.903655052 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:06.903858900 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.026344061 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.026520967 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.146358013 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.146450996 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.266292095 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.266586065 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.386456013 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.386534929 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.451169968 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.451231003 CET	50052	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.506263018 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.571363926 CET	5556	50052	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.692305088 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.812685966 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.812942028 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.815543890 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:07.935250998 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:07.935450077 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.055267096 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.055382013 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.175189018 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.175394058 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.296291113 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.296406031 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.535394907 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.535597086 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.656095982 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.656181097 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.775867939 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.776016951 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:08.895785093 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:08.895879984 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.015600920 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.015714884 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.135432959 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.135560036 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.255300999 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.255398035 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.375518084 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.375628948 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.495862961 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.495953083 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.615746021 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.615853071 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.736458063 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.736543894 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.857304096 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.857399940 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:09.978234053 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:09.978363991 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.100886106 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.100986958 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.223035097 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.223258972 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.342961073 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.343142033 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.463294983 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.463399887 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.524930000 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.525053024 CET	50053	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.583395004 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.644691944 CET	5556	50053	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.754487038 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.875207901 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.875298977 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.878173113 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:10.997948885 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:10.998044014 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.117885113 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.117990017 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.237741947 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.237863064 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.360554934 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.360738993 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.480654001 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.480829954 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.600610018 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.600743055 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.720526934 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.720669031 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.841326952 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.841417074 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:11.961178064 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:11.961340904 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.081150055 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.081280947 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.201122046 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.201291084 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.321079969 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.321377039 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.442399025 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.442514896 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.562263012 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.562463999 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.682243109 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.682403088 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.803405046 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.803514957 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:12.923329115 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:12.923631907 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.043510914 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.043603897 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.163466930 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.163563013 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.283389091 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.283601046 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.403536081 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.403708935 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.523838043 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.523963928 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.604804993 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.604932070 CET	50054	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.643827915 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.724653006 CET	5556	50054	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.817728996 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.937611103 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:13.937706947 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:13.942109108 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.061830997 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.061990976 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.182478905 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.182599068 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.302484989 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.302561998 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.422308922 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.422379971 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.542125940 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.542191029 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.663439035 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.663535118 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.783457994 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.783567905 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:14.903274059 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:14.903388977 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.023228884 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.023293972 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.143076897 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.143269062 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.263142109 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.263358116 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.383233070 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.383467913 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.503344059 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.503504038 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.623248100 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.623334885 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.743083954 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.743199110 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.863029957 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.863130093 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:15.982979059 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:15.983103991 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:16.103054047 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:16.103205919 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:16.223366976 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:16.631910086 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:16.631964922 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:16.975897074 CET	50055	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:16.976994038 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.095690012 CET	5556	50055	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.096719980 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.096797943 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.099776030 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.219784975 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.220228910 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.340015888 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.340215921 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.459994078 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.460093021 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.579893112 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.580219984 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.700053930 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.700124979 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.819914103 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.820271015 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:17.940078974 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:17.940515995 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.060319901 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.060429096 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.180248022 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.180517912 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.300862074 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.300920010 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.420665026 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.420737028 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.540458918 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.540514946 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.660197020 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.660604000 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.780435085 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.780607939 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:18.900803089 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:18.900893927 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.020657063 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.020731926 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.140682936 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.140753984 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.260612011 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.260716915 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.380588055 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.380784988 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.500593901 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.500780106 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.620698929 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.631565094 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.751311064 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.751451969 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.788748980 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.788805962 CET	50056	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:19.871408939 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.908834934 CET	5556	50056	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:19.988945961 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.108871937 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.108952999 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.128602028 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.248322964 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.248384953 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.368052006 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.368124008 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.487816095 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.487881899 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.607597113 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.607656002 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.727320910 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.727451086 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.847147942 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.847259045 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:20.967128038 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:20.967319965 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.087161064 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.087232113 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.207164049 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.207245111 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.327025890 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.327142954 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.447101116 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.447325945 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.567281961 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.568099022 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.687746048 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.690844059 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.810683966 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.812829971 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:21.932691097 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:21.933446884 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.053319931 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.053711891 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.173655987 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.173835993 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.293699026 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.294764042 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.414546013 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.414654970 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.534439087 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.534734964 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.654712915 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.670804977 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.792118073 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.792172909 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.856636047 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.856777906 CET	50057	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:22.911920071 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:22.976519108 CET	5556	50057	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.048568964 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.168595076 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.169641972 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.183068991 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.302874088 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.302932024 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.422780991 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.422862053 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.542682886 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.542754889 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.662699938 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.662868977 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.782954931 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.783205986 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:23.903067112 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:23.903300047 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.023282051 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.023459911 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.143357992 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.143436909 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.263341904 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.263521910 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.383379936 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.383670092 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.545922041 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.548863888 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.720669031 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.724905968 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.845470905 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.848922014 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:24.968662977 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:24.968756914 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.088635921 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.092802048 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.212666035 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.217099905 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.337029934 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.340961933 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.460949898 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.461045980 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.580931902 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.581144094 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.701066017 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.701268911 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.821264982 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.821403027 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.885442019 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:25.885674000 CET	50058	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:25.941284895 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.005511999 CET	5556	50058	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.053553104 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.173415899 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.173557997 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.176634073 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.296493053 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.296689987 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.416821957 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.417212963 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.537188053 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.537477970 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.657294989 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.657496929 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.779472113 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.779551983 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:26.899394035 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:26.899940968 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.019818068 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.019969940 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.140696049 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.141977072 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.262043953 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.262162924 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.382796049 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.382942915 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.502938032 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.503175974 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.623375893 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.623447895 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.743424892 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.743608952 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.863511086 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.863653898 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:27.983403921 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:27.983488083 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.103368044 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.103442907 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.223256111 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.223337889 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.343126059 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.343334913 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.463149071 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.463351965 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.583117962 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.583242893 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.703105927 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.703299999 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.823105097 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.823291063 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.886981010 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:28.887082100 CET	50059	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:28.943033934 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.006854057 CET	5556	50059	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.036127090 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.155996084 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.156196117 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.159133911 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.278898954 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.278983116 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.398933887 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.399039030 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.518802881 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.518964052 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.638859034 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.639070988 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.758979082 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.759232044 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.879196882 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.879333019 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:29.999171019 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:29.999247074 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.119302988 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.119407892 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.239206076 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.239409924 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.359384060 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.359540939 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.479351044 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.479424000 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.599225044 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.599330902 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.719156981 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.719324112 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.839138031 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.839359999 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:30.959309101 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:30.959433079 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.079287052 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.079354048 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.199333906 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.199407101 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.319294930 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.319360971 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.439228058 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.439865112 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.560517073 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.562849998 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.682758093 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.683363914 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.803198099 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.803291082 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.870235920 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.870302916 CET	50060	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:31.923031092 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:31.990045071 CET	5556	50060	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.020174980 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.140295029 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.144779921 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.153283119 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.273102999 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.275791883 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.395692110 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.395852089 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.515697956 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.515894890 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.635693073 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.635835886 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.755573988 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.755666018 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.875371933 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.875453949 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:32.995213985 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:32.995300055 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.115284920 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.115370035 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.235445023 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.235641003 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.355463982 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.355643988 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.475435019 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.475703001 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.595760107 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.595977068 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.715759993 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.715840101 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.835591078 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.835747957 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:33.955537081 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:33.955666065 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.075643063 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.075728893 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.195657015 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.195734024 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.316164970 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.316380024 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.436350107 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.436589956 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.559871912 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.560161114 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.679934025 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.680038929 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.799788952 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.800112009 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.869893074 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.870045900 CET	50061	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:34.919753075 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:34.989816904 CET	5556	50061	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.004549980 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.124408007 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.124526978 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.127258062 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.247411966 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.247474909 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.369338989 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.369455099 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.489097118 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.489178896 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.609503984 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.609625101 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.731273890 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.731374979 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.851149082 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.851371050 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:35.971304893 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:35.971550941 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.091345072 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.091413021 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.211190939 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.211558104 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.331382990 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.331465006 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.452186108 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.452259064 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.573193073 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.573407888 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.693593979 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.693671942 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.813477039 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.813676119 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:36.933466911 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:36.933650970 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.053725004 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.053885937 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.173912048 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.174037933 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.293946981 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.294019938 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.413916111 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.414041996 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.533787012 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.533863068 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.653594971 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.653804064 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.773572922 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.773711920 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.820579052 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.820841074 CET	50062	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:37.893491030 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.940694094 CET	5556	50062	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:37.942096949 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.061996937 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.062165022 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.065382957 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.185241938 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.185343981 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.305737972 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.305969954 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.425795078 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.425888062 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.545646906 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.545805931 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.665697098 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.665775061 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.785547018 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.785677910 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:38.905445099 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:38.905575991 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.025422096 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.025522947 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.145318985 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.145550013 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.265240908 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.265561104 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.385262966 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.385411024 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.505215883 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.505413055 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.625108957 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.625181913 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.744941950 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.745028019 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.864758015 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.864835978 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:39.984592915 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:39.984777927 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.104844093 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.104932070 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.224946976 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.225035906 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.344851017 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.345124960 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.464931965 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.465182066 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.584944010 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.585020065 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.704747915 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.704981089 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.784461975 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.784529924 CET	50063	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:40.824750900 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.904908895 CET	5556	50063	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:40.912004948 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.031740904 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.031862974 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.035015106 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.154669046 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.154867887 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.274765015 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.274966002 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.394712925 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.394782066 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.514513969 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.514594078 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.634251118 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.634330034 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.755012989 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.755170107 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.876236916 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.876333952 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:41.996167898 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:41.996247053 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.116149902 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.116276979 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.236054897 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.236155033 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.355907917 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.356075048 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.475927114 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.476097107 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.596090078 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.596304893 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.716308117 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.716376066 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.836278915 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.836426973 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:42.956146955 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:42.956258059 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.076127052 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.076239109 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.196012974 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.196146011 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.315972090 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.316076040 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.435838938 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.490588903 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.610373974 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.611350060 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.729444027 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.731074095 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.731102943 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.847865105 CET	50064	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.848287106 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.850775003 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.967664003 CET	5556	50064	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.967979908 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:43.968116999 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:43.982639074 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.102370024 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.102477074 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.222296953 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.222410917 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.342092991 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.345412016 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.465200901 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.468853951 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.588841915 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.592787981 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.712467909 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.712909937 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.832600117 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.832798004 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:44.952537060 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:44.995573044 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.115714073 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.116827965 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.236543894 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.236681938 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.356347084 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.358330011 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.478032112 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.478288889 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.598057985 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.598411083 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.718269110 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.718435049 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.838140011 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.838263035 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:45.958051920 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:45.959348917 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:46.079205990 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.079336882 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:46.199202061 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.199286938 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:46.319164991 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.319338083 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:46.439239025 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.439351082 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:46.560357094 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.560451031 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:46.680250883 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.699876070 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:46.700114965 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:48.941826105 CET	50065	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:48.942513943 CET	50066	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:49.061605930 CET	5556	50065	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:49.062189102 CET	5556	50066	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:49.062339067 CET	50066	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:49.064248085 CET	50066	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:49.183932066 CET	5556	50066	188.212.158.75	192.168.2.4
Dec 16, 2024 07:40:49.183984041 CET	50066	5556	192.168.2.4	188.212.158.75
Dec 16, 2024 07:40:49.303745985 CET	5556	50066	188.212.158.75	192.168.2.4

Target ID:	0
Start time:	01:36:39
Start date:	16/12/2024
Path:	C:\Users\user\Desktop\5556.rar.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\5556.rar.exe"
Imagebase:	0x380000
File size:	24'064 bytes
MD5 hash:	475813F4CABFFE076AEFBD618A982512
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000002.1837863185.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, Author: unknown Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.1770794894.0000000000382000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	01:36:46
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Roaming\lsass.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lsass.exe"
Imagebase:	0xf40000
File size:	24'064 bytes
MD5 hash:	475813F4CABFFE076AEFBD618A982512
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000001.00000002.4229641773.0000000003C41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: Joe Security Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: unknown Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: Florian Roth Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: Brian Wallace @botnet_hunter Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: JPCERT/CC Incident Response Group Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\lsass.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 95%, ReversingLabs Detection: 88%, Virustotal, Browse
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	01:36:52
Start date:	16/12/2024
Path:	C:\Windows\SysWOW64\netsh.exe
Wow64 process (32bit):	true
Commandline:	netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\lsass.exe" "lsass.exe" ENABLE
Imagebase:	0x1560000
File size:	82'432 bytes
MD5 hash:	4E89A1A088BE715D6C946E55AB07C7DF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	01:36:52
Start date:	16/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	01:37:05
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Roaming\lsass.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lsass.exe" ..
Imagebase:	0x7d0000
File size:	24'064 bytes
MD5 hash:	475813F4CABFFE076AEFBD618A982512
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	01:37:13
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Roaming\lsass.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lsass.exe" ..
Imagebase:	0x900000
File size:	24'064 bytes
MD5 hash:	475813F4CABFFE076AEFBD618A982512
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	01:37:21
Start date:	16/12/2024
Path:	C:\Users\user\AppData\Roaming\lsass.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\lsass.exe" ..
Imagebase:	0xb30000
File size:	24'064 bytes
MD5 hash:	475813F4CABFFE076AEFBD618A982512
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	47
Total number of Limit Nodes:	2

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00E60258 Relevance: 6.5, Strings: 5, Instructions: 278
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 00E60363
M\k^, xrefs: 00E6034F, 00E60354
-\k^, xrefs: 00E60415, 00E6041A
=\k^, xrefs: 00E603B2, 00E603B7
2k, xrefs: 00E603C1

Memory Dump Source

Source File: 00000000.00000002.1837763934.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_5556.jbxd

Similarity

API ID:
String ID: -\k^$2k$2k$=\k^$M\k^
API String ID: 0-243541282
Opcode ID: fbc19c5aaac57c1a691716149acde80d707519b16ba8ec362bf555047df393d6
Instruction ID: 35ecaa7369ec03023d580d23520f092007a60856e5219b558968c780f5e9fe60
Opcode Fuzzy Hash: fbc19c5aaac57c1a691716149acde80d707519b16ba8ec362bf555047df393d6
Instruction Fuzzy Hash: 75B1BF38B003008FC714EB39E65566D77E3BB8935CB108429D8069B799EF3A9C86DB65

Function 00E60249 Relevance: 6.5, Strings: 5, Instructions: 277
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 00E60363
M\k^, xrefs: 00E6034F, 00E60354
-\k^, xrefs: 00E60415, 00E6041A
=\k^, xrefs: 00E603B2, 00E603B7
2k, xrefs: 00E603C1

Memory Dump Source

Source File: 00000000.00000002.1837763934.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_5556.jbxd

Similarity

API ID:
String ID: -\k^$2k$2k$=\k^$M\k^
API String ID: 0-243541282
Opcode ID: 026b95c0e8974a4aff20ee4d52ab6355621f6939581b5987eb5308d5f28a01a8
Instruction ID: 30263e60660536ce690064e8d607ae255a59b4f6e7b364f8cf7f328fb30cc325
Opcode Fuzzy Hash: 026b95c0e8974a4aff20ee4d52ab6355621f6939581b5987eb5308d5f28a01a8
Instruction Fuzzy Hash: A1B1B138B003008FC715EB38E65566D77E3BF8931CB108469D8069B799EF3A9C86DB65

Function 00E602A5 Relevance: 6.5, Strings: 5, Instructions: 251
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 00E60363
M\k^, xrefs: 00E6034F, 00E60354
-\k^, xrefs: 00E60415, 00E6041A
=\k^, xrefs: 00E603B2, 00E603B7
2k, xrefs: 00E603C1

Memory Dump Source

Source File: 00000000.00000002.1837763934.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_5556.jbxd

Similarity

API ID:
String ID: -\k^$2k$2k$=\k^$M\k^
API String ID: 0-243541282
Opcode ID: 6ed2202b457d9171ebe1c77d1a2af7b7b3043481f2bacc5104eb801dbee96fc5
Instruction ID: dc1c642641da65c667e8e85b170d21edb263b5dda3536a82c88b2070defa1eb5
Opcode Fuzzy Hash: 6ed2202b457d9171ebe1c77d1a2af7b7b3043481f2bacc5104eb801dbee96fc5
Instruction Fuzzy Hash: 97A1B138B003008FC715EB38E65566D77E3BB8931CB108429D8069B7A9EF369C86DB65

Function 0096A94F Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0096AA05

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: f8ebe81fc59cf561ec23643deca8e11fb5424dec51edbc8e9a224cc4e8944892
Instruction ID: 65f99830edce42f6516399ae0bda8938402bff3f21b765ffbe5c71cba8af23b4
Opcode Fuzzy Hash: f8ebe81fc59cf561ec23643deca8e11fb5424dec51edbc8e9a224cc4e8944892
Instruction Fuzzy Hash: 9931B0B1504380AFE722CF25DD44B66BFF8EF06314F08849AE9849B262D375E909CB71

Function 0096A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0096A6B9

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: f46839f61e50c11dabe6ce51ed3117a9b62a442343646bae1dba1fe49d0bcfa5
Instruction ID: 025cbf85800b3ed62db15958b916148e177de14b312f98127af320ae71535c8b
Opcode Fuzzy Hash: f46839f61e50c11dabe6ce51ed3117a9b62a442343646bae1dba1fe49d0bcfa5
Instruction Fuzzy Hash: D13193B55093845FE712CB25DD85B96BFF8EF06310F08849AE984CB292D375E909CB72

Function 0096A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096A40C

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a2ec6d8cb7dddfc2525be6edfc40b924b798c1c026e740560993d2b5c5260100
Instruction ID: afb6ffdf5ec27b698e5e9b6cc91aeb30f50c5836f03e36fd2749a6a307fe2100
Opcode Fuzzy Hash: a2ec6d8cb7dddfc2525be6edfc40b924b798c1c026e740560993d2b5c5260100
Instruction Fuzzy Hash: 77318E75504784AFE722CF15CC84F96BBFCEF06310F08849AE9459B2A2D364E909CB72

Function 0096AA5C Relevance: 1.6, APIs: 1, Instructions: 79
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096AAF1

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 4063774ee35b8e500f8c02ad4bd73303e46cea9df4560af9c30a735463e5ccbf
Instruction ID: 8ca5344057148a82b013ac7e19b188bbebcc4992574e1d454adddc3277c3b3fc
Opcode Fuzzy Hash: 4063774ee35b8e500f8c02ad4bd73303e46cea9df4560af9c30a735463e5ccbf
Instruction Fuzzy Hash: 1021F8B54053846FE7128F25DC81BA6BFBCEF07324F0985D6E9448B2A3D264AD09CB75

Function 0096A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096A4F8

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4939d14f424a90892abcc93990d6a32c8df21d9c13e26ecf3203b77a916bfb27
Instruction ID: 559158b245d9284af202f457e59351c08fce62645f17e3bbcc5b13dd128a6ce1
Opcode Fuzzy Hash: 4939d14f424a90892abcc93990d6a32c8df21d9c13e26ecf3203b77a916bfb27
Instruction Fuzzy Hash: C02190765043846FD722CF15DC44FA7BFBCEF46220F08849AE985DB652D264E948CB72

Function 0096A986 Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0096AA05

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 309065b5537470faf15bdc7ca84be5f096bdabb743746b17becae930e43b0a9b
Instruction ID: 507cba3e2ec8dcfa063443daf6e4b74a19ecd802979a1f580fdda2e264cb34c7
Opcode Fuzzy Hash: 309065b5537470faf15bdc7ca84be5f096bdabb743746b17becae930e43b0a9b
Instruction Fuzzy Hash: 0B21A171500304AFE720CF65DD45B66FBE8EF04320F18886AE9459B652D375E808CB72

Function 0096A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0096A6B9

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: c194703f15d6bb6fe4976b2d87bca02fecd52bb08b30a17095bddb8285038167
Instruction ID: f693f5023beb21b52b0368b9df3e2c93311c731eef6f18f91987f3e98e80cca1
Opcode Fuzzy Hash: c194703f15d6bb6fe4976b2d87bca02fecd52bb08b30a17095bddb8285038167
Instruction Fuzzy Hash: 1121F2756002409FE720CF25DD85BA6FBE8EF04320F08886AE9489B741D374E808CA72

Function 0096AC0E Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096AC8D

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 24cbeb26ef5cc057a9c2e98676c106d30fb461ec6619d7c87f6a0141b74c7191
Instruction ID: 49712540136bbf92cfc3c1da095b1aec06314a0e8fab2d1cb543cc5d775aef6e
Opcode Fuzzy Hash: 24cbeb26ef5cc057a9c2e98676c106d30fb461ec6619d7c87f6a0141b74c7191
Instruction Fuzzy Hash: 3C21D472404384AFD722CF55DC44F97BFB8EF45310F08889AE9859B552C239A908CB72

Function 0096A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096A40C

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e0765ee9b4c7e60249c217bc78f3e66089a6cc64b114662fbd24363a458f77c9
Instruction ID: 3c1e8697c3abc88d6b3ade9314cf3670af7e8df047d630921fb192c1a8409bec
Opcode Fuzzy Hash: e0765ee9b4c7e60249c217bc78f3e66089a6cc64b114662fbd24363a458f77c9
Instruction Fuzzy Hash: 99218E766007049FE721CF15CD88FA6B7ECEF04720F0484AAE9459B751D774E909CA72

Function 0096A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096A4F8

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8d113d0d712dbdac37656d2574401a4772c5a7e00821d8bb0d70a25737058fc6
Instruction ID: 294304a178c84d436f27fa4281a7cbb329b0715da46815fe2fa23ab4102ba7fb
Opcode Fuzzy Hash: 8d113d0d712dbdac37656d2574401a4772c5a7e00821d8bb0d70a25737058fc6
Instruction Fuzzy Hash: F911BE76500304AFEB21CF15DD45FAABBECEF04724F04845AED4A9A651D774E808CAB2

Function 0096A2D2 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(?), ref: 0096A330

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: d4653c5bcfabed5c7bf9e2f8214c8f08e8cc6c564e89504c431f3f330139c0f2
Instruction ID: 9d1641c31ec804683b55d186a7b7888eb7aa3a58de04d5c577d1b5f9850bfd2a
Opcode Fuzzy Hash: d4653c5bcfabed5c7bf9e2f8214c8f08e8cc6c564e89504c431f3f330139c0f2
Instruction Fuzzy Hash: 5421297540E3C09FD7138B25DC54A62BFB49F07224F0980DBED848F2A3D269A808DB72

Function 0096AE30 Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0096AE8C

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 0175f9a3b1fde20405c70170e00a8a50486f96fad9211b5b87cd5dafde407cb7
Instruction ID: 9ad012db5bde407a01d510e6761ca0ba5aaa5aa7c3e11f8ecd554d3c0961960a
Opcode Fuzzy Hash: 0175f9a3b1fde20405c70170e00a8a50486f96fad9211b5b87cd5dafde407cb7
Instruction Fuzzy Hash: 351163755093805FD712CF25DC94B52BFB8DF46220F0884EAED49CB252D275E908CB62

Function 0096AC2E Relevance: 1.6, APIs: 1, Instructions: 60
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096AC8D

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 0626039db956d56bd9ccdc1bb957b9e8bfcf2ae88d70e33c10ae7a2f2343bcaf
Instruction ID: e08011f8fa995f33443a249557d8cf64fb606095d87d2dc2d25010de28b565f7
Opcode Fuzzy Hash: 0626039db956d56bd9ccdc1bb957b9e8bfcf2ae88d70e33c10ae7a2f2343bcaf
Instruction Fuzzy Hash: C011C472500304AFEB21CF55DD44FAAFBE8EF44324F14886AE9459B651D379A508CBB2

Function 0096AA9E Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,9BDEDD94,00000000,00000000,00000000,00000000), ref: 0096AAF1

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 62199b4463df9340d003e488d7d5e537ed8a3a85a8ecb56a473a0cda068279a5
Instruction ID: 23698e52dcfd5d4dc0e1eac144e2b12332b8b250367232f83b35bcf67dd4be44
Opcode Fuzzy Hash: 62199b4463df9340d003e488d7d5e537ed8a3a85a8ecb56a473a0cda068279a5
Instruction Fuzzy Hash: 4401C475500304AEE7218F15DD89BAAB79CDF44724F14C496ED049B741D378A908CAB6

Function 0096AE52 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 0096AE8C

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: d529a5f68e65856ea2b0755cb4066180b7af8666b7fd3ac506b0583ec8d4608a
Instruction ID: d988721150d7683cba75005ce9f78f175ef14620904180fbafaa718b8d30b007
Opcode Fuzzy Hash: d529a5f68e65856ea2b0755cb4066180b7af8666b7fd3ac506b0583ec8d4608a
Instruction Fuzzy Hash: 4C0192756002408FEB11CF15D988766FBE8EF44320F08C4AADD09DB642D779E808CF62

Function 0096A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0096A330

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 6e7ac7ff39478ba69be2590d2677a0e05ca6f0456ccf5971c8288b206aba8de3
Instruction ID: 52dab4c05de93cfd79e836bac8d43ebd8e6eeecdc664e208ce23da75b13f2abe
Opcode Fuzzy Hash: 6e7ac7ff39478ba69be2590d2677a0e05ca6f0456ccf5971c8288b206aba8de3
Instruction Fuzzy Hash: 55F0AF35904240CFDB108F09D988B61FBE4EF44324F08C09ADD495B752D3B9E808DEA2

Function 0096A710 Relevance: 1.3, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0096A780

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 9cf015b0bfaa3006adadc8498f0936a7a0c46266752627878d95418df8f388cd
Instruction ID: 9fdf8793784e16054b957a3968824ef0a7da0c70562890e93dc3bb83fc2ade78
Opcode Fuzzy Hash: 9cf015b0bfaa3006adadc8498f0936a7a0c46266752627878d95418df8f388cd
Instruction Fuzzy Hash: AE21D5B55043809FD7128F15DC85752BFB8EF12320F0984DBED458B293D2359909CB62

Function 0096A74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 0096A780

Memory Dump Source

Source File: 00000000.00000002.1837232265.000000000096A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_96a000_5556.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 41cffb3cf1b7f13d61117f19c4269bfeaecfc238e6c31412ff0a2506346dbf7c
Instruction ID: 2c4323a65a27c2759f78d9b056d5cc796cbe9a31575a3e4dd8d1d406e3e58e10
Opcode Fuzzy Hash: 41cffb3cf1b7f13d61117f19c4269bfeaecfc238e6c31412ff0a2506346dbf7c
Instruction Fuzzy Hash: 000184759002408FEB108F15D989765FBE4EF44320F08C4ABDD499B756D279E808CEA2

Function 00E606D1 Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837763934.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 831ad862c4636e3679bba671c02beb54c99e3783498e4b478c3f1104846749b4
Instruction ID: e48007d185cfec3c01d4bfa71eeee926a9b627da41750426fb83c4f1a9d2b395
Opcode Fuzzy Hash: 831ad862c4636e3679bba671c02beb54c99e3783498e4b478c3f1104846749b4
Instruction Fuzzy Hash: A9A17138B043008FC719EB78D655B6D3BE3BB8930CB204069D5069B7A9EF399C42DB55

Function 00E60080 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837763934.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4476cdff7273235e2ab214c1047d96bd83c88752089ea1d89549b3ec6d559788
Instruction ID: ecdd22d6d2c19d5dcef57f725b6f782d885ebc4eb674ed17becf77f71ef7039c
Opcode Fuzzy Hash: 4476cdff7273235e2ab214c1047d96bd83c88752089ea1d89549b3ec6d559788
Instruction Fuzzy Hash: FF414478A05242CFC704FB38E759889B7E2BF8420C741C929E0444BB6DDB346D8ADB96

Function 00D805DF Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837677648.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d80000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b67e1bf7851ec46e8a5d2ac121638ad85baf99bc7ef3415f3131185af47f53bf
Instruction ID: 8f27fcc3a7132c9048076a39d35d02ce319f641c4b3a08f7a066b50ace936d91
Opcode Fuzzy Hash: b67e1bf7851ec46e8a5d2ac121638ad85baf99bc7ef3415f3131185af47f53bf
Instruction Fuzzy Hash: C001DB765093805FD7128F05AC44862FFF8EF4663070984AFEC4D8B653D2697909CB71

Function 00E60006 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837763934.0000000000E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e60000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca4d6470de1392b72ad5e4ad37cda093810ff4fccf7d16c6f10f7f1cbb4ec317
Instruction ID: 4d75257768eb13cdcdd2879df909ac730f559b906de695251d329006d4b243f5
Opcode Fuzzy Hash: ca4d6470de1392b72ad5e4ad37cda093810ff4fccf7d16c6f10f7f1cbb4ec317
Instruction Fuzzy Hash: 2D013F5595E3D15FE34387711C64294BFB16E43614B4E82C7C494CB5B3E34C491E9BA3

Function 00D80606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837677648.0000000000D80000.00000040.00000020.00020000.00000000.sdmp, Offset: 00D80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_d80000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9581d6d1d867ed20c39986b66172473329c46f64ec558ea0889d181aca1f094d
Instruction ID: e6a0cfc9fdc2adec4a3e1471cc9f3d711403eeb50a973bf5287905a7d8f17989
Opcode Fuzzy Hash: 9581d6d1d867ed20c39986b66172473329c46f64ec558ea0889d181aca1f094d
Instruction Fuzzy Hash: F2E092B66007444B9650CF0AEC85452F7D8EB88630708C07FDC0D8B701E67AB508CAB5

Function 009623F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837217080.0000000000962000.00000040.00000800.00020000.00000000.sdmp, Offset: 00962000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_962000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b99e7bc57e7322deb38c6a1c9fed2d099dec6d2d34ba364d3c866d0d43d09d9
Instruction ID: 482617ccd98a679209baab1e73a6176177d1ab6848adf48ba915e6071b20faa7
Opcode Fuzzy Hash: 0b99e7bc57e7322deb38c6a1c9fed2d099dec6d2d34ba364d3c866d0d43d09d9
Instruction Fuzzy Hash: 80D05E79209AD14FD3269F1CC6A8BA537D8BF51714F4A44F9A800CBB73CB68D985D601

Function 009623BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1837217080.0000000000962000.00000040.00000800.00020000.00000000.sdmp, Offset: 00962000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_962000_5556.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffb0e7d8bda8434d89af9fc414babb4c161a26b3c83d11b6f423bc9057021ae
Instruction ID: 5ff34d3b28964f64564e4929091eac9e29fc21a3d8af69829aded6f7298a292e
Opcode Fuzzy Hash: 5ffb0e7d8bda8434d89af9fc414babb4c161a26b3c83d11b6f423bc9057021ae
Instruction Fuzzy Hash: 3ED05E343406814BC725DF0CC6D4F5937D8AF40B15F0648E9AC108B762C7A8D9C0DA00

Analysis Process: lsass.exePID: 4904, Parent PID: 5496COMMON

Execution Graph

Execution Coverage:	17.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	6.8%
Total number of Nodes:	147
Total number of Limit Nodes:	7

Executed Functions

Function 01B5B83F Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01B5B8BF

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 1d0564dbf9716cd11aa3c12ca7fa1a11e8ee05636cbfcb318c5c575cfa400a99
Instruction ID: ee66d3ce8db65719320d508649a32fe5fe4e8bdab86e7385f60b76d0a8185bd6
Opcode Fuzzy Hash: 1d0564dbf9716cd11aa3c12ca7fa1a11e8ee05636cbfcb318c5c575cfa400a99
Instruction Fuzzy Hash: B721D1765093849FEB238F25DD44B52BFF4EF06310F0884DAE9858B163D375A908CB62

Function 01B5B876 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 01B5B8BF

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 859f2559d8d31bc7ce2374b670d87f7d5843c82b0d7fbd4675f3aa26a2efddca
Instruction ID: c558b7e7265016581000f423d64e53ffd7d4f6ec1d69d87d0b86748993169dd1
Opcode Fuzzy Hash: 859f2559d8d31bc7ce2374b670d87f7d5843c82b0d7fbd4675f3aa26a2efddca
Instruction Fuzzy Hash: 9811A0366002049FEB21CF19DA44B62FBE5EF04220F08C4AAED458B652D335E418CB61

Function 01B5BBA4 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL ref: 01B5BC01

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: 838a144d84b5c66d64b6bddc066acbb84c95779649d2f7ec3e1c043b216f3f57
Instruction ID: 5fffa270468feee5eb337b9e6a1a90bcb00bca33984fadadc68f6c7b24f9cbea
Opcode Fuzzy Hash: 838a144d84b5c66d64b6bddc066acbb84c95779649d2f7ec3e1c043b216f3f57
Instruction Fuzzy Hash: 4011AC71408380AFDB228F15DD45A62FFB4EF06220F09C49AEE844B663D275A918CB62

Function 01B5BBC6 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL ref: 01B5BC01

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: InformationProcess
String ID:
API String ID: 1801817001-0
Opcode ID: d68be085d3661109e503dad230e3f95ee21fada529e94de7f6d13ab97118763b
Instruction ID: b9b996b5ac7dbe0f07e7a08b80a72b4a97912bdea845e583e7204bd966ed9060
Opcode Fuzzy Hash: d68be085d3661109e503dad230e3f95ee21fada529e94de7f6d13ab97118763b
Instruction Fuzzy Hash: EB018F754002449FDB618F09DA88B61FBE5EF44320F08C49ADD854B652D775E458CBA2

Function 05DF0CD8 Relevance: 1.6, APIs: 1, Instructions: 110
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 05DF0CFF

Memory Dump Source

Source File: 00000001.00000002.4231124043.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5df0000_lsass.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 028f74079791b933c23473a0dd81a6121764119380651e075116c48287024072
Instruction ID: a811e982b37b61e3be87dc09f322a6ad3248b927e30816431a84500ad411942e
Opcode Fuzzy Hash: 028f74079791b933c23473a0dd81a6121764119380651e075116c48287024072
Instruction Fuzzy Hash: 30415135A002048FCB08DF79D9885ADB7F2EF88214F15847AD909DB35ADB39DD45CBA1

Function 05DF0CC9 Relevance: 1.6, APIs: 1, Instructions: 106
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 05DF0CFF

Memory Dump Source

Source File: 00000001.00000002.4231124043.0000000005DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5df0000_lsass.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 912743489939bfab20f110128a849b1c88f03ce7847fb5def5491654f50d66c8
Instruction ID: 6c342daf426d26de312d07f3b8e35d25f5f7e52418c0913f8c262e8165c11673
Opcode Fuzzy Hash: 912743489939bfab20f110128a849b1c88f03ce7847fb5def5491654f50d66c8
Instruction Fuzzy Hash: D2416234A002058FCB54DF79C988699B7F2EF88204F15847AD90AEB35AEB35DD45CBA0

Function 05E6275A Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 05E62821

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: b95e05c7df2f9c7dedb6fbc962793939462d40542b7ba9f484c0f11301ad98c6
Instruction ID: 7174345b712eeded6716d81bf794f227b7e8bc1248695e04fa6d7e658e68415d
Opcode Fuzzy Hash: b95e05c7df2f9c7dedb6fbc962793939462d40542b7ba9f484c0f11301ad98c6
Instruction Fuzzy Hash: 09318F76504344AFE721CB65CD84FA7BBFCEF05214F08899AE9859B662D324E908CB71

Function 05E609D7 Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 05E60A9E

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: ba5493d3d234edcc4d2de20c3fab8a34ea79ea11826a23579ca30147a4a851d1
Instruction ID: c44eaf29512370c5f2744cd24f7a9ba4714b96db3f50d7181f5a5fe6a87e856a
Opcode Fuzzy Hash: ba5493d3d234edcc4d2de20c3fab8a34ea79ea11826a23579ca30147a4a851d1
Instruction Fuzzy Hash: 4A318B7510E3C06FD3138B258C65A61BFB4EF47614F0E85CBD8C48B6A3D629A909C7B2

Function 05E61796 Relevance: 1.6, APIs: 1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 05E61856

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: b2182c02f6a80378fe83b0f9d1c1a76710275bb25ec65f65fbd760f26e256aeb
Instruction ID: 45f44de85ccb4b6580c25e2baf42c066f75dda5d3c8e32a14ca5d66413097e2e
Opcode Fuzzy Hash: b2182c02f6a80378fe83b0f9d1c1a76710275bb25ec65f65fbd760f26e256aeb
Instruction Fuzzy Hash: 01318E7150D3C16FD3138B358C61AA2BFB8AF47210F1984DBD8C4DF5A3D225A959C7A2

Function 01B5A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 01B5A6B9

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: df03b18e79ad3df57f4a0ef03ade2c3fbee6ab5d68ec2378164bb8196e1bee5c
Instruction ID: 9ef45a0d6ac3abbbcd0af649fc3f0ab2c935ce2856da9d4f25f94a1832bd9629
Opcode Fuzzy Hash: df03b18e79ad3df57f4a0ef03ade2c3fbee6ab5d68ec2378164bb8196e1bee5c
Instruction Fuzzy Hash: 5931B3755093805FE712CB25DD85B96BFF8EF06210F08849AE984DB293D374E909CB71

Function 05E60EF0 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05E60F87

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 488b5c079fcccd0ef8786c4b440ff008b4ac95f84bb302a6093fc7a76b8efd4c
Instruction ID: 5e90ace598cbe7a34e3deec18e1e11f2473343fd6fda53526668a615ab61dc23
Opcode Fuzzy Hash: 488b5c079fcccd0ef8786c4b440ff008b4ac95f84bb302a6093fc7a76b8efd4c
Instruction Fuzzy Hash: 9431B172504385AFE721CB64DC45FA7BFE8EF05214F0888AAE984DB652D334A908CB71

Function 01B5A8A4 Relevance: 1.6, APIs: 1, Instructions: 87
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 01B5A945

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d63ee38fe314808234ed9d41823922dd55d2cc9a02fc0bcabe5afae45cb6d0f1
Instruction ID: 8af578176b0c8daa14a36f28248aa870bb1febb10bc3cdb1933d0bf4c8a97ec2
Opcode Fuzzy Hash: d63ee38fe314808234ed9d41823922dd55d2cc9a02fc0bcabe5afae45cb6d0f1
Instruction Fuzzy Hash: 7A21D272404344AFE7228B55CC44FA7BFFCEF05210F0489AAE9849B652D374E909CB71

Function 01B5BAAC Relevance: 1.6, APIs: 1, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5BB40

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: f412d59983c8687d97cdb8d683eff42326e59ab2ddc2d2d001edd897e6e0cc9e
Instruction ID: 0ef9872b6959d016ba93b13de5f7a1995057d41495f49396328c9ab2e3370914
Opcode Fuzzy Hash: f412d59983c8687d97cdb8d683eff42326e59ab2ddc2d2d001edd897e6e0cc9e
Instruction Fuzzy Hash: 5021F6B25093805FE7128B25DD45BA6BFB8EF06324F0884DBE844CF193D264AA09CB71

Function 01B5A98D Relevance: 1.6, APIs: 1, Instructions: 86
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 01B5AA49

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: 5679576fc36391d3f10ae776b2baf2e4b72924264d59a7df84e11c443c166f5f
Instruction ID: 352bffe2351c3d98cf368ade93007f6e14b5b279220357c86042a2d4d80ac906
Opcode Fuzzy Hash: 5679576fc36391d3f10ae776b2baf2e4b72924264d59a7df84e11c443c166f5f
Instruction Fuzzy Hash: C231D471005384AFEB22CF60CD45FA6FFB8EF06324F18889AE9849B553D275A509CB75

Function 01B5AEC5 Relevance: 1.6, APIs: 1, Instructions: 86
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01B5AF69

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1e79f4d94fdc6c365e6eb00f8c2a6341bb2301ae388744881c4cc42f6c672478
Instruction ID: 9c4d14df6fcd1a9e81dbd365612eb8046da41e430f1f649ffa770c36735e8096
Opcode Fuzzy Hash: 1e79f4d94fdc6c365e6eb00f8c2a6341bb2301ae388744881c4cc42f6c672478
Instruction Fuzzy Hash: BD319EB1504344AFE721CF25DD84F56FBF8EF05210F0888AAE9859B692D375E908CB71

Function 05E62786 Relevance: 1.6, APIs: 1, Instructions: 86
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 05E62821

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: d30c5f2ca0a42f87c9497545c711c8b77354a993ab113c552d81a4505e50bf7c
Instruction ID: 21306db0c0f7683d58cab7f58495618a2cfa6b5406d04876ea1fab784f1167ba
Opcode Fuzzy Hash: d30c5f2ca0a42f87c9497545c711c8b77354a993ab113c552d81a4505e50bf7c
Instruction Fuzzy Hash: DD219E76500204AFEB31DE55CD84FA7BBECEF08354F04886AEA85D7651D734E5088A71

Function 01B5A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5A40C

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3ece93f763d9f5a1f4a7d8eb2281c58e313e1a52477d60a5401cdaf8325aaad8
Instruction ID: 7b2e1778ca7154dff9f757ca04811296ad6129f8027609856d2a452bd01862ee
Opcode Fuzzy Hash: 3ece93f763d9f5a1f4a7d8eb2281c58e313e1a52477d60a5401cdaf8325aaad8
Instruction Fuzzy Hash: A031AE75104384AFE722CF25CC84F92BFF8EF06210F08859AE9859B292D364E908CB71

Function 05E614FC Relevance: 1.6, APIs: 1, Instructions: 84timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E61599

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 883093c4538c710f793c47beec00e0f1c3a7151e72df07edacf29e26f3e0335a
Instruction ID: ac66daf5a50a4328369a1efcbd1488ae2253452a0545084cc7bf0d83aaffebb0
Opcode Fuzzy Hash: 883093c4538c710f793c47beec00e0f1c3a7151e72df07edacf29e26f3e0335a
Instruction Fuzzy Hash: E52137725043406FE722CF55DC45FA7FBB8EF06320F0488AAE9858B152D334A908CB75

Function 05E629F9 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05E62A88

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 5c115a2919007be84b4b2b797284d720a5651728e2a323429d0b7870afdbb8c0
Instruction ID: d673fbf4b2dacf90307b46591c2fa048d776e1f0fbdaf20360ad730eedba8179
Opcode Fuzzy Hash: 5c115a2919007be84b4b2b797284d720a5651728e2a323429d0b7870afdbb8c0
Instruction Fuzzy Hash: A2215E795093849FEB22CF25DC44B62BFF8EF06254F0984DAE984CB163D275E909CB61

Function 01B5AFC0 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5B055

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 5e8c44492a789b75112b4d67b243334dbaa4af217714f50d289230c909a280c4
Instruction ID: 5187f5096c0316290de5e0e8b5eb1a68ce6e209f565257076fd445c573d4f4a6
Opcode Fuzzy Hash: 5e8c44492a789b75112b4d67b243334dbaa4af217714f50d289230c909a280c4
Instruction Fuzzy Hash: 1C21F8B54053846FE7128B15DD41BA2BFBCEF06324F0985D6ED808B2A3D264AA09C775

Function 01B5A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5A4F8

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 9e5a91ade88ac583922b42ed43486049fdf6a6e2849ef56187bd562e86195827
Instruction ID: c6c252c6791590c3b56273574cefb49fbd339eb96e312e699d87bb9ef9d7c0ce
Opcode Fuzzy Hash: 9e5a91ade88ac583922b42ed43486049fdf6a6e2849ef56187bd562e86195827
Instruction Fuzzy Hash: 0921B0761043846FE7228F65DD44FA7BFBCEF06220F08859AE985DB652C364E908C771

Function 05E60ACA Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05E60B56

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 79e000778ca59dbcec09cf2cba5c4de542ab942e8652df2e2e56c72af50decdd
Instruction ID: a0f0bdc5aa2e6f454fede9223732b71f2902d290012622145cd34acbdc655e7b
Opcode Fuzzy Hash: 79e000778ca59dbcec09cf2cba5c4de542ab942e8652df2e2e56c72af50decdd
Instruction Fuzzy Hash: 6321BD71404380AFE721CF55DD45FA6FFB8EF05224F08889EE9858B652C275A508CB62

Function 05E610A6 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 05E6113A

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: f32591976fdcc01481a95ac70a54734a40b99723e11af2e1895a1db8cd32a974
Instruction ID: 47da3d4b61be57f85d565cd0fdfeb42bd03f060db61c7543eee7aa00a89570d1
Opcode Fuzzy Hash: f32591976fdcc01481a95ac70a54734a40b99723e11af2e1895a1db8cd32a974
Instruction Fuzzy Hash: 3521AD71404384AFE722CB55DD45FA6FFF8EF09224F04889EE9848B652D375B908CB62

Function 01B5AEEA Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 01B5AF69

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: ece3fbb98d1e5d46e5f080764ff2c77a506fdb883a74c8aa8128182c68a1fce7
Instruction ID: 45c377bc2f6ebb089fc653268633054953315497c62c4a40dc69d5f575b18185
Opcode Fuzzy Hash: ece3fbb98d1e5d46e5f080764ff2c77a506fdb883a74c8aa8128182c68a1fce7
Instruction Fuzzy Hash: 4B219FB1500304AFE721DF29DD85B66FBE8EF08220F0489A9EE45DB691D375E408CA71

Function 05E60DFE Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E60E9C

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: fb94a0380c34238b76c5ec9fd8e611c95d26f27c4f7cd461e88b9c6a39060fb5
Instruction ID: cf63430d92dd48e4279bac7ce6da444e28b1b5bbc750850f5ede16c00687db5e
Opcode Fuzzy Hash: fb94a0380c34238b76c5ec9fd8e611c95d26f27c4f7cd461e88b9c6a39060fb5
Instruction Fuzzy Hash: 4621AE76509384AFE722CB15CD44F67BFF8EF45310F08889AE9859B692D364E908CB71

Function 05E60F16 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05E60F87

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 156f97600f000e6c09ed5f70ddece20bae36358ee92037e805599dfa18977fb6
Instruction ID: 3c8ad0ce46d62a1313d483f573872a793cf642c5d5847c6bc75464711f574143
Opcode Fuzzy Hash: 156f97600f000e6c09ed5f70ddece20bae36358ee92037e805599dfa18977fb6
Instruction Fuzzy Hash: A121C272500215AFE720DF69DD49FAABBECEF44224F04886AF944DB641D774E5088AB2

Function 01B5A8C6 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 01B5A945

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 77b2732af753c37511d4b198116e1fddf50a01e2d8d4420fc4a854435e30e52a
Instruction ID: 8931fe4d89e9bee910ac3e56cc5b786a165c69f4f6240d7d68df366b702b5de1
Opcode Fuzzy Hash: 77b2732af753c37511d4b198116e1fddf50a01e2d8d4420fc4a854435e30e52a
Instruction Fuzzy Hash: 8721F276400204AFE7319F29CD44FAAFBECEF04220F04855AEE449B651D734E4088A71

Function 05E62D93 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E62E0F

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 1ae30760aaff97f1e182431d17c21f67ee571bc07bc1833e8c3aefc19f3ddc1a
Instruction ID: dcd7bc2be06540e3e0379ec925ed6c7a3445e40540bdba5a96547266ad3d39de
Opcode Fuzzy Hash: 1ae30760aaff97f1e182431d17c21f67ee571bc07bc1833e8c3aefc19f3ddc1a
Instruction Fuzzy Hash: 6C21D4755043846FE722CF25DC44FAABFB8EF45224F08C4ABE985DB152D274A908CB71

Function 05E62E77 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E62EF3

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 1ae30760aaff97f1e182431d17c21f67ee571bc07bc1833e8c3aefc19f3ddc1a
Instruction ID: 9a004570521cd945b91216584740d47a5618e19e4dc0ecbd51aa2459227739ce
Opcode Fuzzy Hash: 1ae30760aaff97f1e182431d17c21f67ee571bc07bc1833e8c3aefc19f3ddc1a
Instruction Fuzzy Hash: 7121D4755053846FE722CF15DC44FAABFB8EF45224F08C4AAF984DB192D274A908CBB5

Function 01B5B623 Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01B5B6A2

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: f3d0c3557411962dfdb77f149ee11ca4c6f6cfb6263657a151303efcec7c5c48
Instruction ID: 312c0300d56bf850a967d625438ae4514f77983a0826c1b0d4f41a4142209ebd
Opcode Fuzzy Hash: f3d0c3557411962dfdb77f149ee11ca4c6f6cfb6263657a151303efcec7c5c48
Instruction Fuzzy Hash: C72160B25053805FE752CB25DD45B52BFE8EF06214F0984DAE984CB163D274D908CB61

Function 01B5A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 01B5A6B9

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 3c40c41faf67d79a466e33fc21c0c38aad7dca311c215f5388bc2e10a6193028
Instruction ID: d28adf76df9557b77b86d20b64cd501b6461f1dc16adcd57d54a8ef6f486e776
Opcode Fuzzy Hash: 3c40c41faf67d79a466e33fc21c0c38aad7dca311c215f5388bc2e10a6193028
Instruction Fuzzy Hash: 7C21D0756002049FF720CF29DD85BA6FBE8EF04220F0488A9ED459B741D774E808CA71

Function 05E6133D Relevance: 1.6, APIs: 1, Instructions: 72COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E613C0

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 22c6ff1914c3f29c024afbc692409378a33ee1cd3ff2dfe07d9101fd72271922
Instruction ID: 7c5affb7bb96cfde81d0dab705d0f6bcaf2983b0acc275012ebc45e84f5f0cbd
Opcode Fuzzy Hash: 22c6ff1914c3f29c024afbc692409378a33ee1cd3ff2dfe07d9101fd72271922
Instruction Fuzzy Hash: 5E2195714093846FE722CB55DC44B56BFB8EF46224F0884DAE9849B152C378A948C771

Function 05E60862 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E608E1

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: aa1f17b0cac272a21e796cb64ed9f1c12459cd7bba0eb0d805456366bd3ab35d
Instruction ID: bf3bb5b7e70b6f3102895c95a8f63719320fe164166b3690cbd8318a8f43265b
Opcode Fuzzy Hash: aa1f17b0cac272a21e796cb64ed9f1c12459cd7bba0eb0d805456366bd3ab35d
Instruction Fuzzy Hash: 4221A471505384AFE722CF55DD44FA7BFF8EF45314F08889AE9849B552C274A508CB71

Function 01B5A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5A40C

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0df229a2f4113953450bc2dca15e1f50a409d141320d317603980e17d930e15a
Instruction ID: 2b4a7953d8d5ddeb404da650f0a4acbfff4e9c22b5dbbf63706a785b5591337b
Opcode Fuzzy Hash: 0df229a2f4113953450bc2dca15e1f50a409d141320d317603980e17d930e15a
Instruction Fuzzy Hash: E621AE752002049FE721CF69CD88FA6BBECEF04624F04C5AAED459B652D774E908CA71

Function 05E62933 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E629AF

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 36ff55f8dd8896286441784a2b2c71f931b920b40f1b315da9eb3b38c483938e
Instruction ID: 48a3d843a26526621a94b4ddf8623ecce0c6e004b31f9db07370150d875aeb54
Opcode Fuzzy Hash: 36ff55f8dd8896286441784a2b2c71f931b920b40f1b315da9eb3b38c483938e
Instruction Fuzzy Hash: C021F3714093846FE722CF15CC44FA6BFB8EF45314F08C8AAE9849B152C274A908C771

Function 05E616D7 Relevance: 1.6, APIs: 1, Instructions: 68networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05E61756

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: d1e98c63a71c36af4263d220f86614eb5dac20ac5a7f67877260f48027e78899
Instruction ID: 405ab938a957f4030b1f5664538d9ec639b93ff032ca85d022fa3b41472e9241
Opcode Fuzzy Hash: d1e98c63a71c36af4263d220f86614eb5dac20ac5a7f67877260f48027e78899
Instruction Fuzzy Hash: 0F21C5750093809FDB22CF60DC44A62BFF4FF06320F0984DAE9858F162D375A909DB61

Function 05E60AEA Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 05E60B56

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 3f96686d7b8b4b2bfdf6ae0bcb79eedcfd5fa21dc0db13564dea22a69ba6d6d7
Instruction ID: 63960130e9e8ff384c695dc20fcb324b84bc8df762e3b8a33956e3e03188eb8a
Opcode Fuzzy Hash: 3f96686d7b8b4b2bfdf6ae0bcb79eedcfd5fa21dc0db13564dea22a69ba6d6d7
Instruction Fuzzy Hash: 6D219F71500204AFEB21DF55DD49FA6FBE9EF08328F04C86EE9858B651D375A508CB72

Function 05E610C6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 05E6113A

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: aade2faccd79704318cf6cf1624f7ca5876db698f86eb7ede5de081db07108d4
Instruction ID: 414540edbfb1ff3a15966f27deace975768e6fe32b47fd08360f4eb1ec800ff3
Opcode Fuzzy Hash: aade2faccd79704318cf6cf1624f7ca5876db698f86eb7ede5de081db07108d4
Instruction Fuzzy Hash: 7321A171500344AFEB22CF55DD45FAAFBE9EF08224F048459E9858B751D375F508CBA2

Function 01B5BD78 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01B5BDEE

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4eb97b740ea06f1534f77f8d645322aee4ea6bcae214659faf5cbc18f8940169
Instruction ID: 8b12b746933136969deabaccf2d94c1385964f3b5af9b43942ed28a3cb021dd6
Opcode Fuzzy Hash: 4eb97b740ea06f1534f77f8d645322aee4ea6bcae214659faf5cbc18f8940169
Instruction Fuzzy Hash: 3D21A471409380AFDB228F54DD44B62FFF4EF4A310F0988DAED858B163C275A918DB61

Function 01B5A9CE Relevance: 1.6, APIs: 1, Instructions: 66windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(?,00000E24), ref: 01B5AA49

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: MessageSendTimeout
String ID:
API String ID: 1599653421-0
Opcode ID: 874a6b3b6a79106827924ac862096d34597bf6634bfc5da6b8ad9bde1bcbe7c9
Instruction ID: f8a31a68b30e777e811ce6bb49ce424ef54b9bafe9536ad4a8892e4756f461bc
Opcode Fuzzy Hash: 874a6b3b6a79106827924ac862096d34597bf6634bfc5da6b8ad9bde1bcbe7c9
Instruction Fuzzy Hash: 13210231100200AFEB319F24CE44FA6FBA8EF04320F04899AFE459B651C375B508CBB1

Function 05E61A72 Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 05E61AFB

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1ca4cf2a0fbcbf978d652c79651a097f29063babd4676b062f3536845851b3db
Instruction ID: c6200395007f42d3bf05a43dc6b431ffb39d150d048658199777bce957f6c18b
Opcode Fuzzy Hash: 1ca4cf2a0fbcbf978d652c79651a097f29063babd4676b062f3536845851b3db
Instruction Fuzzy Hash: 15110671004344AFE721CB15DD85FA6FFB8DF45320F04849AF9449B292D274B948CB72

Function 01B5A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5A4F8

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: caf51cc37495950d8453048e86eeee3a39dab720b2a3c6eb6e919f891f4c6109
Instruction ID: 6e9885c761e35c84a53d5cf5133c9c9f61206a77e854892b174542a64e600066
Opcode Fuzzy Hash: caf51cc37495950d8453048e86eeee3a39dab720b2a3c6eb6e919f891f4c6109
Instruction Fuzzy Hash: D911E176100304AFE7218F25DD44FA6BBECEF04224F04859AED459B741D374E808CAB1

Function 05E60E2A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E60E9C

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 97f2cf0077c49a0c78fb7e136b71a0110e5bbdd16805ea994b67c104097444d6
Instruction ID: 8c941b145661826b8f8434efb9f44f89cdb5dba263baef415c62eb1ad1139ad8
Opcode Fuzzy Hash: 97f2cf0077c49a0c78fb7e136b71a0110e5bbdd16805ea994b67c104097444d6
Instruction Fuzzy Hash: 8311AF76500214AFEB31CF15DD48FA6BBE8EF04664F04C45AE9858B651D774E908CAB1

Function 01B5AE00 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 01B5AE6A

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: 9e95065aa649e2d19d43be39558e797b5d0fd3ea5c0301ee8d0cb6cb0aa14996
Instruction ID: 45dfb622124701b61d4fac803e4376b14d32aa5ca0dbe7e528e1d1bb5c679d28
Opcode Fuzzy Hash: 9e95065aa649e2d19d43be39558e797b5d0fd3ea5c0301ee8d0cb6cb0aa14996
Instruction Fuzzy Hash: FB117F716053809FE761CF29DC85B96BFE8EF45220F0884AAED85DB652D274E908CB61

Function 05E6153A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E61599

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: e03b52e50ac5126f081d2ab8d927af576a1647aa031f39bdc859ac400fff1242
Instruction ID: 54ff6a2b3110f817bf390615d2e5365fa532ec7bab36e4229db2bf19269f0084
Opcode Fuzzy Hash: e03b52e50ac5126f081d2ab8d927af576a1647aa031f39bdc859ac400fff1242
Instruction Fuzzy Hash: CC119076500204AFEB21CF55DD45FAAFBE8EF44324F04C86AE9868B651D774E908CBB1

Function 05E62DB6 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E62E0F

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 6ff26eb218f94b36524f220871938d9c7a70700645bf0dcbf25f0565e9498ca9
Instruction ID: 751a97681e120b162192e90d0e0b2684ed03d2d245a3f6f75b4d46bacac2a846
Opcode Fuzzy Hash: 6ff26eb218f94b36524f220871938d9c7a70700645bf0dcbf25f0565e9498ca9
Instruction Fuzzy Hash: 2B1104755002049FEB21CF15DD44BAAB7E8EF44724F08C46AEE45CB641D774E908CAB1

Function 05E62E9A Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E62EF3

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 6ff26eb218f94b36524f220871938d9c7a70700645bf0dcbf25f0565e9498ca9
Instruction ID: c02752a71bd15dfea3884350cde77d6700d8ded10cc6aaf33c5a741c66bb2281
Opcode Fuzzy Hash: 6ff26eb218f94b36524f220871938d9c7a70700645bf0dcbf25f0565e9498ca9
Instruction Fuzzy Hash: 2411EF76500204AFEB21CF15DD44BAAB7A8EF44324F04C86AEE44DB641D774A9088AB5

Function 01B5BAEA Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5BB40

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: d6dd69a42b3a1d0599e73dc688595414b72a0cc4d9b867fc9cd4bb597cb4944c
Instruction ID: 488f3fc7afe30a21303e4a9e2bb9b183cc3aecd8658187be6eeb71449e06b4d4
Opcode Fuzzy Hash: d6dd69a42b3a1d0599e73dc688595414b72a0cc4d9b867fc9cd4bb597cb4944c
Instruction Fuzzy Hash: D611E372500204AFEB61CF19DE45BAAB7DCEF44224F14C4AAFD44CB645D7B8A9088AB1

Function 05E60882 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E608E1

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f140a0f9751c8f11405e8ab4efd016937a386d97eee09c0f2827d0f4cf47089c
Instruction ID: 5726a4ead07cbbd4677c7847e955d42b4f0ddee70712a32cfa1bd730cb2baf44
Opcode Fuzzy Hash: f140a0f9751c8f11405e8ab4efd016937a386d97eee09c0f2827d0f4cf47089c
Instruction Fuzzy Hash: 8711C472500304AFEB21CF55DD48FAAFBE9EF44324F04C8AAE9859B651D374A508CBB1

Function 05E62956 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E629AF

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 0ae1e447a18f1e23c15059e17048e5e38ba88cbbcf3bb345b9510b6b71c682af
Instruction ID: ec026a47fa4bb2ea85bf677041027108d4e9c6ef848116bc40b1c28f4e6ade66
Opcode Fuzzy Hash: 0ae1e447a18f1e23c15059e17048e5e38ba88cbbcf3bb345b9510b6b71c682af
Instruction Fuzzy Hash: 6611C176500304AFE721CF55DD44BAAB7A8EF44324F14C86AEA848B641D674A508CBB5

Function 01B5AC8D Relevance: 1.6, APIs: 1, Instructions: 57comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 01B5ACEC

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 5619f206d3e4440258a107c9dcd6032822e3aec1cd22a4bfe6ef5c2723cc443b
Instruction ID: 0ce39c3ef965d6978b0624b2dfb8bf6e7fa535288d403f79cbd5101559555ce5
Opcode Fuzzy Hash: 5619f206d3e4440258a107c9dcd6032822e3aec1cd22a4bfe6ef5c2723cc443b
Instruction Fuzzy Hash: E41160715093C06FDB128B25DC44B92BFB4DF46220F0884DAED848F193C275A508CB62

Function 05E6136A Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

shutdown.WS2_32(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 05E613C0

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: shutdown
String ID:
API String ID: 2510479042-0
Opcode ID: 708a39a3fbe44cb9e1fbea6e3f93dff028a149fee6c7f96399ca41a3f1c83a02
Instruction ID: 0e99fe0747b14e3857e62c092337c2c6c76e92711f85dcea78dabe77c29dee86
Opcode Fuzzy Hash: 708a39a3fbe44cb9e1fbea6e3f93dff028a149fee6c7f96399ca41a3f1c83a02
Instruction Fuzzy Hash: D9112575940204AFEB21CF15DD84FAAF7ECEF44324F04C4AAED458B641D378A908CAB1

Function 01B5A2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 01B5A330

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 3724ca01a715a140756f9e51829a5f94a447ea84b5fdc5ec2fc6a2ed939680d2
Instruction ID: 87220ae5a06ded9ad2581a43e8d7720365f8e096a0c09fede2eb0e0155e147d3
Opcode Fuzzy Hash: 3724ca01a715a140756f9e51829a5f94a447ea84b5fdc5ec2fc6a2ed939680d2
Instruction Fuzzy Hash: 70118F714093C06FDB238B25DC54B62BFB8DF47224F0980CBED848B263C265A908D772

Function 05E619BD Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

CoGetObjectContext.COMBASE(?,?), ref: 05E61A2F

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ContextObject
String ID:
API String ID: 3343934925-0
Opcode ID: 1be0fbaa842267230de96d777d4a120c343f201ed7f61abb63fb2081d8b907fa
Instruction ID: f6de21bcfc01a52a3b818bb8d8c5eaaa388ecede2d6d37efe437628193383771
Opcode Fuzzy Hash: 1be0fbaa842267230de96d777d4a120c343f201ed7f61abb63fb2081d8b907fa
Instruction Fuzzy Hash: 8D1193754083809FD7128F25DD85B61BFF4EF06320F0984DAD9854F2A3D278A909DB62

Function 05E61A92 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 05E61AFB

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b84d311aadb96892568bd759aa8cebaa01c96fb3581f4ffa003bbdbf492b7889
Instruction ID: cfb58016f8daba220513e64ea8e53e67deb41426139230cdde9664e69a8fc469
Opcode Fuzzy Hash: b84d311aadb96892568bd759aa8cebaa01c96fb3581f4ffa003bbdbf492b7889
Instruction Fuzzy Hash: B7110231500204AEF721DB15DD85FB6F7A9EF44724F14C49AEE444B681D2B4B908CAA2

Function 05E62A32 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 05E62A88

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: e6987588472f46e01643d0171387cf1258398fb09c0e3d3af0976dcc098054c4
Instruction ID: b8f753569d262b0849a8086d8a920adb8fc95c0495b24c06fd08297fdc385e33
Opcode Fuzzy Hash: e6987588472f46e01643d0171387cf1258398fb09c0e3d3af0976dcc098054c4
Instruction Fuzzy Hash: D11163796002009FE720CF55D984B66F7E8EF04254F08C49ADD89CB651D775E508CB61

Function 01B5A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 01B5A0D5

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: cb1323b840ca53179bbf37116358097b7333b9ec4800c00658be46fb9533c844
Instruction ID: f8387a1c7e7c4e1dcfdaa738140591d5003847afea0f0757fc3f24d15edbbe3d
Opcode Fuzzy Hash: cb1323b840ca53179bbf37116358097b7333b9ec4800c00658be46fb9533c844
Instruction Fuzzy Hash: 9A119175509380AFDB22CF15DD44B52FFB4EF46224F0884DAED849B553C275A918CB62

Function 01B5AE22 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 01B5AE6A

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: afa67fbcce30254fc52f7666c304eca63d4cb4338e7b7c88fb7350be96e42de0
Instruction ID: 37f3ceb8973c61ca06f658dd7cc026baace158dffc964da85cdaf269e26f90cb
Opcode Fuzzy Hash: afa67fbcce30254fc52f7666c304eca63d4cb4338e7b7c88fb7350be96e42de0
Instruction Fuzzy Hash: B7118E72A002008FEB64DF29D988B56FBE8EF44620F18C5AAED49DB742D774E404DA61

Function 01B5B65A Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 01B5B6A2

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: afa67fbcce30254fc52f7666c304eca63d4cb4338e7b7c88fb7350be96e42de0
Instruction ID: 2d7304008d4f44a12fa1a748b9e7f7cab9252c12b026c91dc03d69d72007da4a
Opcode Fuzzy Hash: afa67fbcce30254fc52f7666c304eca63d4cb4338e7b7c88fb7350be96e42de0
Instruction Fuzzy Hash: A61165766002409FEB54DF29DA85756FBE8EF44220F08C4AAED45CB742D774E404CB72

Function 01B5B002 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,C0B363B3,00000000,00000000,00000000,00000000), ref: 01B5B055

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 11d9707e0ef83e09787f5163958fc0a8340148243302605dfd5526f91cfef33d
Instruction ID: cc07aec71cf4a80279b59ef25947480f6fa513eacf211b2123503eff4f73b3f4
Opcode Fuzzy Hash: 11d9707e0ef83e09787f5163958fc0a8340148243302605dfd5526f91cfef33d
Instruction Fuzzy Hash: 63010475500304AEE760CF05DE45BAAB798DF44224F08C096ED048B741C378A9088AA1

Function 05E6170A Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05E61756

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 69c231597a7e7d66c9f6cc7041cc10faf624d2d0fb3f03cc483f22ef3059e55a
Instruction ID: ad5fd85931c32624c92c5a7738b761c3890f44b60d7008540d3f5a663d7041c1
Opcode Fuzzy Hash: 69c231597a7e7d66c9f6cc7041cc10faf624d2d0fb3f03cc483f22ef3059e55a
Instruction Fuzzy Hash: DA117C365002009FEB21CF55D944B62FBE9FF09364F08C8AAED858B622D375F418DB62

Function 05E61806 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 05E61856

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 80f3313ab538008473abcc5864d4e4d4d9d5b64d1af263c1b4ff50c3e8a088b5
Instruction ID: 96ccf6e79781743b5a26badf968c8f4386db14754f7db32bd8d3952606b93b9e
Opcode Fuzzy Hash: 80f3313ab538008473abcc5864d4e4d4d9d5b64d1af263c1b4ff50c3e8a088b5
Instruction Fuzzy Hash: 5101B171600200ABD310DF1ACD85B66FBE8EB88B20F14C52AEC089BB41D731F915CBE5

Function 01B5BDAA Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 01B5BDEE

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 867485b8582e2ae50d2bf8e5d3bea6b65f9882389ff98856969c924692e355ac
Instruction ID: 5a2bb4e8c5e1901b64b6ce5a029349b1dd1321ca99f2d9be30e66a2e1bfcc19f
Opcode Fuzzy Hash: 867485b8582e2ae50d2bf8e5d3bea6b65f9882389ff98856969c924692e355ac
Instruction Fuzzy Hash: 900184325007049FDB61CF55DA44B62FBE5EF48320F08C99AEE454B652C375E414DF62

Function 05E60A4E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 05E60A9E

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8eafd31a7a45261b7e8ac9c1e5239db05e3e72db7767481276c7640b80ab6945
Instruction ID: 14c91d85df25b675f5669124cdeff714faa8cfc600759bb5bc17b080175e59ba
Opcode Fuzzy Hash: 8eafd31a7a45261b7e8ac9c1e5239db05e3e72db7767481276c7640b80ab6945
Instruction Fuzzy Hash: 8F018F71500205ABD310DF1ACD86B66FBE8EB88A20F14C11AEC089BB41D771F955CAE6

Function 01B5A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,?,?,?), ref: 01B5A0D5

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: fe30970645f917be6f6c2f5c6c446fc90d9a73df914fa2b9d80e984283cc1e19
Instruction ID: d9cdcfef84179c0441312d3201dbb5cfae309cb0bb2a5f5baeb31a3bf46ff0de
Opcode Fuzzy Hash: fe30970645f917be6f6c2f5c6c446fc90d9a73df914fa2b9d80e984283cc1e19
Instruction Fuzzy Hash: F0019E355002409FEB61CF55D948B61FBE4FF48320F08C59AED499B652D375E408CBA2

Function 01B5ACBA Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 01B5ACEC

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 5d7cbd1dff7a5e21a9c244c821eede342441f8812e9de73bf71e90fdff799809
Instruction ID: 22ba986074f58b931aed92ce8151487f10c5e85e4194c111ded911bee64af13d
Opcode Fuzzy Hash: 5d7cbd1dff7a5e21a9c244c821eede342441f8812e9de73bf71e90fdff799809
Instruction Fuzzy Hash: 3601FD719002448FEB10DF29D988761FBE4EF44220F08C5EADD489F342D378A408CAA2

Function 05E619FA Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

CoGetObjectContext.COMBASE(?,?), ref: 05E61A2F

Memory Dump Source

Source File: 00000001.00000002.4231148596.0000000005E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5e60000_lsass.jbxd

Similarity

API ID: ContextObject
String ID:
API String ID: 3343934925-0
Opcode ID: 4431a68a201d6c41b158e3e23ed2cd077bbd6bb2db1cac7d0283a74118fb1857
Instruction ID: 9c0b31a83645f461f127305218b3f5c2821265f1e2707bfaecbee814487fda7a
Opcode Fuzzy Hash: 4431a68a201d6c41b158e3e23ed2cd077bbd6bb2db1cac7d0283a74118fb1857
Instruction Fuzzy Hash: BCF08179904340DFEB11CF05DA88B61FBE5FF44764F08C09ADD894B752D279E408CAA2

Function 01B5A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 01B5A330

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: f8777e8bb0703a438c234ef2ed1ee0c92c36677f27a159c2d5c5f8969c63bd55
Instruction ID: 282a8cc4a60837253cd65546ad22720a6f7b7572c9d2beec5a963341918ebb30
Opcode Fuzzy Hash: f8777e8bb0703a438c234ef2ed1ee0c92c36677f27a159c2d5c5f8969c63bd55
Instruction Fuzzy Hash: 3CF08C359042408FEB508F19E988761FBE4EF44324F08C1DADD495B752D3B9A408CAA2

Function 01B5B90C Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 01B5B978

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 8f3297a963fcbbc5d6ef0f0e452d2b8ed939a9f36b1aae0b300dc8950e5c3b79
Instruction ID: d276a19b1da887b8ca278b1b924785a8a4c62fa29661673d5c81d844724a820b
Opcode Fuzzy Hash: 8f3297a963fcbbc5d6ef0f0e452d2b8ed939a9f36b1aae0b300dc8950e5c3b79
Instruction Fuzzy Hash: 6D21AE7250D3C05FEB128B25DD54792BFB4AF07324F0984DAED858F663D264A908CB62

Function 01B5A710 Relevance: 1.3, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 01B5A780

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 14eaa2c3c058bf43da2125349ff20c78c7d2467c101d8515a08f6e6d75de41ea
Instruction ID: da6ba54354973531e3c53dea8479292c1647b9dc8c9e91bbc30dcd8fd68d2989
Opcode Fuzzy Hash: 14eaa2c3c058bf43da2125349ff20c78c7d2467c101d8515a08f6e6d75de41ea
Instruction Fuzzy Hash: 4811D3B55043809FD711CF69DD85B62BFB8EF02320F0984ABED859B293D335A909CB61

Function 01B5B946 Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 01B5B978

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: be5ea204054c87338468c3acef40a8421a0bdea561f4c2a58651b77e562d3c13
Instruction ID: 00d9c180eafa1348b6367bb27aee3cfcdb208d1abbadc34ccaabdc3b182df10c
Opcode Fuzzy Hash: be5ea204054c87338468c3acef40a8421a0bdea561f4c2a58651b77e562d3c13
Instruction Fuzzy Hash: AF01D4755042008FDB50CF19DA88756FBE4EF44220F08C0EADD498B742C774E408CFA2

Function 01B5A74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?), ref: 01B5A780

Memory Dump Source

Source File: 00000001.00000002.4228879768.0000000001B5A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B5A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b5a000_lsass.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 7b0d79ea25d02d3a5fe485b0f163f91c9d035a1f2efbf022df39d2a15658e56e
Instruction ID: 7fe69777e0b3ec2400c9f2a3c89e5384281b4dd606de2a6555d30cfe00ae533b
Opcode Fuzzy Hash: 7b0d79ea25d02d3a5fe485b0f163f91c9d035a1f2efbf022df39d2a15658e56e
Instruction Fuzzy Hash: 1701D4755002008FEB50CF29E988765FBE4EF44220F08C5EBDD469B742D778E404CEA1

Function 03601335 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4229464077.0000000003601000.00000040.00000020.00020000.00000000.sdmp, Offset: 03601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_3601000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ee5ef7ef50e452063688d39d38411db745a6dd47f157d1563ed8e42a757c8fa
Instruction ID: d185d227d891c43125d3d8f2c432c77f9f5c17bb73e1f21ddbd675134a436c51
Opcode Fuzzy Hash: 2ee5ef7ef50e452063688d39d38411db745a6dd47f157d1563ed8e42a757c8fa
Instruction Fuzzy Hash: C431293514E3C58FC70B8B70C961652BFB1AF47314F1D85DBD4848B6A3D66A9C06CB62

Function 0360136C Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4229464077.0000000003601000.00000040.00000020.00020000.00000000.sdmp, Offset: 03601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_3601000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6133b7fa7dece0919e2db23bc1450ab2e8e44c77cf0257e68acc61302c79bbf5
Instruction ID: 1a9465ba5d15a224abc848e8cf70a114971f688e0a5c5bc0f90a92eb67ff3bad
Opcode Fuzzy Hash: 6133b7fa7dece0919e2db23bc1450ab2e8e44c77cf0257e68acc61302c79bbf5
Instruction Fuzzy Hash: 90110638244280DFC319CB20D645B27F7D5EB8A708F28C59CE5494BB92C77BD803CA51

Function 063E219D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4231434915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_63e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3735f607f6f9365cb73a3e1bb4139739b9f4ac14fcc1200da139d4f909a3857b
Instruction ID: 5d043a16790889c009e52c2b9e8735070de3bee461b62e3722315a483340fa63
Opcode Fuzzy Hash: 3735f607f6f9365cb73a3e1bb4139739b9f4ac14fcc1200da139d4f909a3857b
Instruction Fuzzy Hash: 6411DAB5908301AFD340CF19D981A5BFBE4FB88664F04895EF998D7311D335EA048FA2

Function 063E2038 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4231434915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_63e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55e6079ece3da7ec71a0c10b3974f44e232737709f2268a2085a6790eb05c89e
Instruction ID: 34945ffe8f27e0d2d12076ecb62256f2794e66cfe86831a8626db5d59858bdcd
Opcode Fuzzy Hash: 55e6079ece3da7ec71a0c10b3974f44e232737709f2268a2085a6790eb05c89e
Instruction Fuzzy Hash: 1011FAB5908301AFD350CF09DD85E5BFBE8EB88660F04C81EF99897311D271E9088FA2

Function 01B6B2E8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4228986510.0000000001B6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b6a000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76224ca29b45930fa1a907f9bd67dbd6ddc7a9f6085c8006ea92624d48186462
Instruction ID: 3c444f373c7c804278253e8af84542d9bed7570db6ede7cbec66db81a923f098
Opcode Fuzzy Hash: 76224ca29b45930fa1a907f9bd67dbd6ddc7a9f6085c8006ea92624d48186462
Instruction Fuzzy Hash: 3D11FAB5A08301AFD350CF09DD45E5BFBE8EB88660F04C91EF99897311D271E9088FA2

Function 0360104A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4229464077.0000000003601000.00000040.00000020.00020000.00000000.sdmp, Offset: 03601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_3601000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7170b843ac5e1aa7230222bc63d3e973c515276e3a2cbc03d93d67df0817b4c
Instruction ID: bb4c02a9a9a6e54eab69d839923ddd45bfda9f092fe27ca9e11ede1dc3591183
Opcode Fuzzy Hash: d7170b843ac5e1aa7230222bc63d3e973c515276e3a2cbc03d93d67df0817b4c
Instruction Fuzzy Hash: 5901F9B64493805FC7128F15EC40893BFF8EF4623070984ABEC88CB612D129B909CB72

Function 03601428 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4229464077.0000000003601000.00000040.00000020.00020000.00000000.sdmp, Offset: 03601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_3601000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e86483557dd7da402352a38d8c23262ea7f2be1902b6c4ab915b814faf957ce1
Instruction ID: f9bf10e58a5693ea50948240ea74cc12c8f10e0273163e399dfa3e9cb5f6bb88
Opcode Fuzzy Hash: e86483557dd7da402352a38d8c23262ea7f2be1902b6c4ab915b814faf957ce1
Instruction Fuzzy Hash: 6EF01D39144644DFC306CB50D541B16FBA6EB89718F24CAADE94907B62C737D813DA81

Function 0360106E Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4229464077.0000000003601000.00000040.00000020.00020000.00000000.sdmp, Offset: 03601000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_3601000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ba88b7740394a2ecd167ae2ece73ce1e09f5abf8f4f0954ab3f49f14260f997
Instruction ID: 63f5c4419d43743f059666e4089b8c3f5af44fa5b7fb480b2cd30db2054ba70f
Opcode Fuzzy Hash: 1ba88b7740394a2ecd167ae2ece73ce1e09f5abf8f4f0954ab3f49f14260f997
Instruction Fuzzy Hash: 4BE092B66006044B9750CF0AFD45452F7D8EB88630B18C07FDC0D8B701D679B508CAA6

Function 063E1AAB Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4231434915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_63e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d39759c2e9773c684bd194029f047a6cc188a8b359fd0c6e1b12a082da4e2836
Instruction ID: e3c0f66f5e46287654314947c84a854935149a3ed7dc63d5e55be38db9568307
Opcode Fuzzy Hash: d39759c2e9773c684bd194029f047a6cc188a8b359fd0c6e1b12a082da4e2836
Instruction Fuzzy Hash: 71E0D8B250020067D210DE06AD4AF53FBDCDB40A30F04C45BED085B701D176B614C9E5

Function 063E2087 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4231434915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_63e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 871d4cdb7abf3c1eecf56c585c51debc54e90fdce3d2907d4f7adfa57abeed37
Instruction ID: 6ad8ec05cc1a8ed1a1aea8614a7bd87835b80f29c1e306b6ad90055437d25836
Opcode Fuzzy Hash: 871d4cdb7abf3c1eecf56c585c51debc54e90fdce3d2907d4f7adfa57abeed37
Instruction Fuzzy Hash: C5E0D8B250020467D2509E06AD46F53FBDCDB40A30F04C457ED085B702E176B60489F5

Function 063E21FF Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4231434915.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_63e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e132df72c28311e6a8771a26584502446761ace72c7cb7fe46e82a6f04a7c5
Instruction ID: 4911a81eb6cdf3b53f7147181b62fa6b5c6f505b919773aec5363bbb849d7c84
Opcode Fuzzy Hash: c2e132df72c28311e6a8771a26584502446761ace72c7cb7fe46e82a6f04a7c5
Instruction Fuzzy Hash: C1E0D8B254020067D3108E06AD46F52FBDCDB44A30F04C467ED085B741D175B61489E5

Function 01B6B337 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4228986510.0000000001B6A000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B6A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b6a000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b59c8268ccadaf11dc8be3513826c5857479739a8c3c163962c8ac7f103e05f6
Instruction ID: 8fe3cf553ca0d7deccc791c770010edfa95d385baf630c0c0a1c7b7f59313605
Opcode Fuzzy Hash: b59c8268ccadaf11dc8be3513826c5857479739a8c3c163962c8ac7f103e05f6
Instruction Fuzzy Hash: 08E0D8B254020467D3108E06AD46F52F7DCDB40A30F04C557ED085B741D175B50489F5

Function 01B523F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4228851299.0000000001B52000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B52000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b52000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 339c714e02b0505b7186b4affa4576919295271a47d13226df0bd621ffbb9ba2
Instruction ID: b1b0141915c7e93efd54de802e19b4076caa18271684219c4459baf4741fed82
Opcode Fuzzy Hash: 339c714e02b0505b7186b4affa4576919295271a47d13226df0bd621ffbb9ba2
Instruction Fuzzy Hash: 19D05E792067D18FE32A9F1CC6A5B953FE4BB51714F4A44F9AD00CB763C768D581D600

Function 01B523BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.4228851299.0000000001B52000.00000040.00000800.00020000.00000000.sdmp, Offset: 01B52000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1b52000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3130fbb4dff0e364d9d7834003b9ec76ce994c908fa8aaad9821c723422b6793
Instruction ID: 0b9484d489387e2d710599d6c32f06f0265c29cbffcb93fbe03e45be1834dd85
Opcode Fuzzy Hash: 3130fbb4dff0e364d9d7834003b9ec76ce994c908fa8aaad9821c723422b6793
Instruction Fuzzy Hash: 4FD05E343412818FE729DF0CC6D4F593BD4AF44B15F0644F8AC108B762C7A8D9C0DA00

Analysis Process: lsass.exePID: 5952, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	8.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	12
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 05680258 Relevance: 6.5, Strings: 5, Instructions: 278
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=\=k^, xrefs: 056803B2, 056803B7
2k, xrefs: 056803C1
M\=k^, xrefs: 0568034F, 05680354
2k, xrefs: 05680363
-\=k^, xrefs: 05680415, 0568041A

Memory Dump Source

Source File: 00000007.00000002.2085487994.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5680000_lsass.jbxd

Similarity

API ID:
String ID: -\=k^$2k$2k$=\=k^$M\=k^
API String ID: 0-390800236
Opcode ID: e2cd2b8b9b35d9faf5defb2df1440c3e926955e21c4ac06c9f0fde5ea4ffedfb
Instruction ID: 54c394feb9e0d58c27d5cac717dda5563c834a7b092d08ce51cbe8bd3f5bba29
Opcode Fuzzy Hash: e2cd2b8b9b35d9faf5defb2df1440c3e926955e21c4ac06c9f0fde5ea4ffedfb
Instruction Fuzzy Hash: 8BB1AF34700204CFEB19EB35D459A6D77A3FB8A318B10446EDA069B390DF79AC4BCB61

Function 0568024B Relevance: 6.5, Strings: 5, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=\=k^, xrefs: 056803B2, 056803B7
2k, xrefs: 056803C1
M\=k^, xrefs: 0568034F, 05680354
2k, xrefs: 05680363
-\=k^, xrefs: 05680415, 0568041A

Memory Dump Source

Source File: 00000007.00000002.2085487994.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5680000_lsass.jbxd

Similarity

API ID:
String ID: -\=k^$2k$2k$=\=k^$M\=k^
API String ID: 0-390800236
Opcode ID: b86a587b65c02e203015f3dcee1c4f46e512e05ac4b967c7326d5ac9a91b082f
Instruction ID: f85e009f9394492158abe6fda365c040d3ed13e93eb4a145d5fd5423d0424f10
Opcode Fuzzy Hash: b86a587b65c02e203015f3dcee1c4f46e512e05ac4b967c7326d5ac9a91b082f
Instruction Fuzzy Hash: 40B19D34B00205CFE719EB35D459A6D77A3FB8A318B10446EDA069B390DF79AC4ACB61

Function 056802A5 Relevance: 6.5, Strings: 5, Instructions: 251
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

=\=k^, xrefs: 056803B2, 056803B7
2k, xrefs: 056803C1
M\=k^, xrefs: 0568034F, 05680354
2k, xrefs: 05680363
-\=k^, xrefs: 05680415, 0568041A

Memory Dump Source

Source File: 00000007.00000002.2085487994.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5680000_lsass.jbxd

Similarity

API ID:
String ID: -\=k^$2k$2k$=\=k^$M\=k^
API String ID: 0-390800236
Opcode ID: 1923ad79d3f3012590ce897c9a96a2eab54264e60de5a4a81b3e164d55f16a95
Instruction ID: ecc84cd97bb4130bb98f905052695b664ecdd9508b135814740b636f7a989f26
Opcode Fuzzy Hash: 1923ad79d3f3012590ce897c9a96a2eab54264e60de5a4a81b3e164d55f16a95
Instruction Fuzzy Hash: 40A1AE34B00200CFEB19EB34D459A6D77A3EB8A318B10446EDA069B391DF799C4BCB61

Function 013EA612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 013EA6B9

Memory Dump Source

Source File: 00000007.00000002.2082253221.00000000013EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13ea000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: ad754b52907c419fa4484cbcdfafe2bee447784d58c95d442f6bb497171cf810
Instruction ID: 68255c7169ec090fdf700f827410f504be85e3a5d8101024a759e9694ccc24dc
Opcode Fuzzy Hash: ad754b52907c419fa4484cbcdfafe2bee447784d58c95d442f6bb497171cf810
Instruction Fuzzy Hash: 3D31B3755093805FE712CB25DC85B96BFF8EF06214F08849AE984CB293D374E909CB71

Function 013EA361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,AD2E5C02,00000000,00000000,00000000,00000000), ref: 013EA40C

Memory Dump Source

Source File: 00000007.00000002.2082253221.00000000013EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13ea000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: bb1dbddddecf7216eccc487798b326591415bee1db3d2de1d73bb10034a28193
Instruction ID: 8e6e5a3d35680a5bb5bd2494f72d29ac9ce65f694c2384ad9a9f1e67e1768a5b
Opcode Fuzzy Hash: bb1dbddddecf7216eccc487798b326591415bee1db3d2de1d73bb10034a28193
Instruction Fuzzy Hash: C4319175504784AFE722CF15CC88FA6BFF8EF06214F08849AE945CB292D364E909CB71

Function 013EA462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,AD2E5C02,00000000,00000000,00000000,00000000), ref: 013EA4F8

Memory Dump Source

Source File: 00000007.00000002.2082253221.00000000013EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13ea000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: b6bd4fc46b69baacda17c52de5890fd540f0eb3533fc18da667552cc0e0913cb
Instruction ID: 3c3e09a9d42708784bcdd7ac732b206fe9634900d4893be644afe79ab4f20f7d
Opcode Fuzzy Hash: b6bd4fc46b69baacda17c52de5890fd540f0eb3533fc18da667552cc0e0913cb
Instruction Fuzzy Hash: 2721B076104384AFE7228F15CC44FA7BFF8EF46214F08849AE985DB692C364E908CB71

Function 013EA646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 013EA6B9

Memory Dump Source

Source File: 00000007.00000002.2082253221.00000000013EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13ea000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 04be155f8596c258666f8525497ef4c1ffba469280eb5d65696f2fcc2c8ffdd5
Instruction ID: 138d3681ae5e267c4caf3345caa4ce658023dcf83c88229076a59b6e029e8682
Opcode Fuzzy Hash: 04be155f8596c258666f8525497ef4c1ffba469280eb5d65696f2fcc2c8ffdd5
Instruction Fuzzy Hash: DD21D4756003049FF720DF29DD89BA6FBE8EF44224F048869E945CB782D374E909CA71

Function 013EA392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,AD2E5C02,00000000,00000000,00000000,00000000), ref: 013EA40C

Memory Dump Source

Source File: 00000007.00000002.2082253221.00000000013EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13ea000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: b6af9da2a171c238f334b2b79726dc6fd5582121d4a75c2632efb95dddc6dd69
Instruction ID: 23f8cde1b9b87dcb7942c84ea5bb6175f20bea4a61e0457ad2842c67d14cd051
Opcode Fuzzy Hash: b6af9da2a171c238f334b2b79726dc6fd5582121d4a75c2632efb95dddc6dd69
Instruction Fuzzy Hash: 09218E756003049FE721CF19CD88FA6BBECEF04624F04C46AE9459B791D774E909CA71

Function 013EA486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,AD2E5C02,00000000,00000000,00000000,00000000), ref: 013EA4F8

Memory Dump Source

Source File: 00000007.00000002.2082253221.00000000013EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13ea000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 77534da5a4cfa8f9162d729171493f91e4b311813ca6ea29d9ed20ada0711c19
Instruction ID: fab689603d38554a2392586220035a0a5484dfa894b5783fa5ea7ba5eb4b185f
Opcode Fuzzy Hash: 77534da5a4cfa8f9162d729171493f91e4b311813ca6ea29d9ed20ada0711c19
Instruction Fuzzy Hash: E811BE76500304AFEB218F15DD49FA6BBECEF04624F04845AED459BB82D774E808CAB1

Function 05680080 Relevance: .1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2085487994.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5680000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eb2bc779659f294571194eba3627cf38dbfba2858e69bc35853b56b6b5b2ef2
Instruction ID: ba9ed57728cb1816942dd4fee92f1e636d36cc1194bee4c69085e143027202bc
Opcode Fuzzy Hash: 7eb2bc779659f294571194eba3627cf38dbfba2858e69bc35853b56b6b5b2ef2
Instruction Fuzzy Hash: 8A414470605242CFD704EB38E55988EB7E2FF8520CB50886ED2454B669DF7C6D4BCB92

Function 02E01048 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2082617033.0000000002E01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2e01000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9092571c124685529ba112f01fe09da0c512ba0f8ab8ac3d5b095beca568493a
Instruction ID: 1d7bfb07eef47700e1031679ebd4dd8c7c14964cb5721c81e21a20934dcd45e1
Opcode Fuzzy Hash: 9092571c124685529ba112f01fe09da0c512ba0f8ab8ac3d5b095beca568493a
Instruction Fuzzy Hash: 2701D6B65093846FD7018B15AC54862FFB8DF86620708C49FE849CB652D125A808C772

Function 0568001D Relevance: .0, Instructions: 38
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2085487994.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_5680000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc693a9497a8abff08b9c04b868bc0b6c100472996fafe40093aafccceb5041a
Instruction ID: cbe2824faa5272fec3147080d4712507fdc57ff80a07eb90b04b5bc824263f03
Opcode Fuzzy Hash: cc693a9497a8abff08b9c04b868bc0b6c100472996fafe40093aafccceb5041a
Instruction Fuzzy Hash: 28F0DFA684F3C24FD34347B04C65A813FB4AE23211B0F85DBC480CB1A3E24849098723

Function 02E0106E Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2082617033.0000000002E01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E01000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2e01000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a58308a73070dbd45726c317c3fb348be0850cdb6104e9d72874950a7ae023c
Instruction ID: 8d1ebc6df430c62cab1bb385a3759ca82106aa31bae4633e58d2cbe53d333ec9
Opcode Fuzzy Hash: 4a58308a73070dbd45726c317c3fb348be0850cdb6104e9d72874950a7ae023c
Instruction Fuzzy Hash: E3E092B66006044B9650CF0AED45462F7D8EB88630748C07FDC0D8B701D635B908CAA5

Function 013E23F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2082237962.00000000013E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13e2000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c0a203f29441ebb4a52a26aaec38f255aab03440bf253678539bd322866e13
Instruction ID: 0fbda62c6b9021773c27cdd084946c19b173c3d53067d9feb28b0b7959238e94
Opcode Fuzzy Hash: 99c0a203f29441ebb4a52a26aaec38f255aab03440bf253678539bd322866e13
Instruction Fuzzy Hash: B9D05E792057E14FE3269F1CC6A8B963BE8BB51718F4A44F9A800CB7A3C768D581DA00

Function 013E23BC Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000007.00000002.2082237962.00000000013E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 013E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_13e2000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84b4b1cdb0ebfbf319871893c6210049eef8fd294a5bb37d3a8d9545a761f7ce
Instruction ID: 794a7f2ac5e63c1f2552ff76848688db7eca2f39483cfc93e16c80f1ebe0549f
Opcode Fuzzy Hash: 84b4b1cdb0ebfbf319871893c6210049eef8fd294a5bb37d3a8d9545a761f7ce
Instruction Fuzzy Hash: 57D05E343403818BD725DE0CC6D8F5A3BD8AF40B19F1A44E8AC108B7A2C7A8D9C0DE00

Analysis Process: lsass.exePID: 4364, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	12
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 057B0258 Relevance: 2.8, Strings: 2, Instructions: 278
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 057B03C1
2k, xrefs: 057B0363

Memory Dump Source

Source File: 00000008.00000002.2164231800.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_57b0000_lsass.jbxd

Similarity

API ID:
String ID: 2k$2k
API String ID: 0-107389494
Opcode ID: 2aae860126bc566ade81b4e92fc300941daa29c1e3858976ba9538b2fc1fb528
Instruction ID: db41e15d0ec14a60d660c026495cf739b47a3bc66400618f6f822d189f6cb2b9
Opcode Fuzzy Hash: 2aae860126bc566ade81b4e92fc300941daa29c1e3858976ba9538b2fc1fb528
Instruction Fuzzy Hash: 83B19138B002008FDB55DB75D4596ED77E3EFCA318B209469D8069B390EF7A9C86CB61

Function 057B024B Relevance: 2.8, Strings: 2, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 057B03C1
2k, xrefs: 057B0363

Memory Dump Source

Source File: 00000008.00000002.2164231800.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_57b0000_lsass.jbxd

Similarity

API ID:
String ID: 2k$2k
API String ID: 0-107389494
Opcode ID: 1be94e2d50f683811f1b40c86028de87b8a5e71a4b7d5bd382e5b869dcbd4433
Instruction ID: b4c85a2d567f56d60421c1ae51a608480ea83055b7cf471576f20d3f8c959104
Opcode Fuzzy Hash: 1be94e2d50f683811f1b40c86028de87b8a5e71a4b7d5bd382e5b869dcbd4433
Instruction Fuzzy Hash: D6B1A238B002008FDB55DB75D4596EE77E3EBCA314B209469D8069B390EF7A9C87CB61

Function 057B02A5 Relevance: 2.8, Strings: 2, Instructions: 251
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 057B03C1
2k, xrefs: 057B0363

Memory Dump Source

Source File: 00000008.00000002.2164231800.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_57b0000_lsass.jbxd

Similarity

API ID:
String ID: 2k$2k
API String ID: 0-107389494
Opcode ID: bace3ea13c2636feeca37f3e814825ba22c8d8d56636afa1cbf0a29230514394
Instruction ID: c1af034beae09733c1c4a55f5a986b9fa9d04ab08a0338aef8a96e4dda734235
Opcode Fuzzy Hash: bace3ea13c2636feeca37f3e814825ba22c8d8d56636afa1cbf0a29230514394
Instruction Fuzzy Hash: 50A17F38B402008FDB59DB75D0596ED77E3EBCA318B209469D8069B390EF799C87CB61

Function 02EBA612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 02EBA6B9

Memory Dump Source

Source File: 00000008.00000002.2163513163.0000000002EBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eba000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 3182d2701846122d12900821ee1b3f1f0a360afc1b0eabeb9cb5e34fa08589c4
Instruction ID: c7c9937310a8c989cb358f56e2fcadb3f2eba7db31d6a4969a9aa18280adcb0d
Opcode Fuzzy Hash: 3182d2701846122d12900821ee1b3f1f0a360afc1b0eabeb9cb5e34fa08589c4
Instruction Fuzzy Hash: A531C7B55093805FE722CB25DC45B96BFF8EF06214F0884AAE944CF292D374E909C771

Function 02EBA361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,A4E595BD,00000000,00000000,00000000,00000000), ref: 02EBA40C

Memory Dump Source

Source File: 00000008.00000002.2163513163.0000000002EBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eba000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: e1b7e7e9a493f81448bd17cb42ce8be2a7c2d38c4c0cadcd12f04b42cecb159f
Instruction ID: 79ef479b71674a4b29a038313f0ef36dcf1086744fe794f95615a60f42329a73
Opcode Fuzzy Hash: e1b7e7e9a493f81448bd17cb42ce8be2a7c2d38c4c0cadcd12f04b42cecb159f
Instruction Fuzzy Hash: B9319175505784AFE722CF15CC84F97BBF8EF06214F0884AAE985CB292D324E949CB71

Function 02EBA462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,A4E595BD,00000000,00000000,00000000,00000000), ref: 02EBA4F8

Memory Dump Source

Source File: 00000008.00000002.2163513163.0000000002EBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eba000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: ebb7741aceb4d1cd79b4d803f573edc66f6465869b7ddb1c52ce46381de5b250
Instruction ID: 37f0c16465a960b5006423796bfea2218fbc80e834d57255bd578cc87095b6f0
Opcode Fuzzy Hash: ebb7741aceb4d1cd79b4d803f573edc66f6465869b7ddb1c52ce46381de5b250
Instruction Fuzzy Hash: 4B21C1B65053846FDB228F51CC44FA7BFBCEF46214F08849AE985CB652D364E948CB71

Function 02EBA646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 02EBA6B9

Memory Dump Source

Source File: 00000008.00000002.2163513163.0000000002EBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eba000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: b7c1685a0a4a14fdb5b8a29497554a34d8048c3bc3d8de05b9ef2accefc63418
Instruction ID: 1238af11abef33edf7b5275e7d6ee2adb2b254c07b2e4f5dbc68f36fcad881aa
Opcode Fuzzy Hash: b7c1685a0a4a14fdb5b8a29497554a34d8048c3bc3d8de05b9ef2accefc63418
Instruction Fuzzy Hash: 4921C2B56002049FEB21CF25DD85BAAFBE8EF04224F04C869E944CB741D374E909CA71

Function 02EBA392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,A4E595BD,00000000,00000000,00000000,00000000), ref: 02EBA40C

Memory Dump Source

Source File: 00000008.00000002.2163513163.0000000002EBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eba000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 32d0554bbd1675fc2e80e201b700d880c31342938227132fdd92d1fb495476fc
Instruction ID: 0e2a9122237f21e44769b789a5dcbae5bcb9dc4f24c8297499b5dca0fb6443b4
Opcode Fuzzy Hash: 32d0554bbd1675fc2e80e201b700d880c31342938227132fdd92d1fb495476fc
Instruction Fuzzy Hash: 52215B756002049FEB21CF15DD88FA7B7E8EF04624F04C46AE9458B751D774E909CA71

Function 02EBA486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,A4E595BD,00000000,00000000,00000000,00000000), ref: 02EBA4F8

Memory Dump Source

Source File: 00000008.00000002.2163513163.0000000002EBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EBA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eba000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: ce6bc73ea2eab525883f2ab356fc01cabd6b08135b8c3220297fcb6c4b26e3cc
Instruction ID: f6c52dea30ca22b0c2fa9dcbe4eb6d3c63f086390475f489e2f5ca18d30a64b1
Opcode Fuzzy Hash: ce6bc73ea2eab525883f2ab356fc01cabd6b08135b8c3220297fcb6c4b26e3cc
Instruction Fuzzy Hash: 5911ACB6500304AFEB228F15DD45FABBBECEF04624F04C46AED458A751D374E948CAB2

Function 057B0080 Relevance: .1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2164231800.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_57b0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d2a615a25234c4a309042968e6cde6a223eeb9e49f60e981df52ddb04e5d5e2
Instruction ID: 2df125d79c4450b4d645f61f8459cf7d27efafc97d407cd00ee1db5e19b9a3a2
Opcode Fuzzy Hash: 7d2a615a25234c4a309042968e6cde6a223eeb9e49f60e981df52ddb04e5d5e2
Instruction Fuzzy Hash: C341B6786051418FCB40DB74E5AD8C9B7E2EFC5248B50D968E0444B624FF3C6D8BCBA2

Function 057B001D Relevance: .1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2164231800.00000000057B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_57b0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a8debcf5b16bab7843ea8d3c731396331d1cc442b78fcabf309f1605c8f7f16
Instruction ID: 9e5bfe0dd080df9d702a7bd1316d9621f5b949fa9ac1a1b8706455f44da30c2b
Opcode Fuzzy Hash: 1a8debcf5b16bab7843ea8d3c731396331d1cc442b78fcabf309f1605c8f7f16
Instruction Fuzzy Hash: DB019D5244E3C04FDB435BB84CB9AE23FB5AD5721074E45C7C884CF5A7E148981AE322

Function 03001048 Relevance: .0, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2163828017.0000000003001000.00000040.00000020.00020000.00000000.sdmp, Offset: 03001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_3001000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6f5df888455aed79a10d943789cd0d764442cc8774d372d1ffb91a2fc29062a
Instruction ID: f8ee23e0842f42c77f3598b919d5e664da626a3b9261a466c56e36d101d04e50
Opcode Fuzzy Hash: e6f5df888455aed79a10d943789cd0d764442cc8774d372d1ffb91a2fc29062a
Instruction Fuzzy Hash: 270186B65093806FD7128F15AC44862FFF8EF8663070984DFEC49CB652D229A908CB72

Function 0300106E Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2163828017.0000000003001000.00000040.00000020.00020000.00000000.sdmp, Offset: 03001000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_3001000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f32d5fb65f82d91fa86aa3e91864edcba1cfe2a17babf78826dfde4c80f168e
Instruction ID: 6e97aaabd713403c1e24553365c1c7d91d0710c06773be2080412add3fa58724
Opcode Fuzzy Hash: 2f32d5fb65f82d91fa86aa3e91864edcba1cfe2a17babf78826dfde4c80f168e
Instruction Fuzzy Hash: 9AE092B6A006044B9650CF0AEC45452F7D8EB88630708C07FDC0D8B711D639B908CEA6

Function 02EB23F4 Relevance: .0, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2163485459.0000000002EB2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eb2000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7221b8ce5b957205aee309edd8ffbf8c67e6be4e8b04eccb93cf6297cd8d3e4f
Instruction ID: 27e6a263d7fc9e002115086afa83530876fa623cc4570bfe42eed956fb860051
Opcode Fuzzy Hash: 7221b8ce5b957205aee309edd8ffbf8c67e6be4e8b04eccb93cf6297cd8d3e4f
Instruction Fuzzy Hash: 9FD0C7392406804ED3268A0CC6A4BC63B94AF40708F0A84B9AC008BB62C728D480E200

Function 02EB23BC Relevance: .0, Instructions: 14
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.2163485459.0000000002EB2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_2eb2000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42b704243804d83cb110b84191595ccdc01e3bac4addd4f130d2f48fb07bce88
Instruction ID: 204fd64ea76f950c17b2fa9a5e93c802e0aba15c97b0d4dff7bd07b1b8d446ac
Opcode Fuzzy Hash: 42b704243804d83cb110b84191595ccdc01e3bac4addd4f130d2f48fb07bce88
Instruction Fuzzy Hash: 20D05E343802824BC726DE0CD6D4F9A37D4AF44B19F0684E8AC108B762C7A8D9C0DA00

Analysis Process: lsass.exePID: 280, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	9.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	19
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 059E0258 Relevance: 6.5, Strings: 5, Instructions: 278
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 059E03C1
M\mi^, xrefs: 059E034F, 059E0354
2k, xrefs: 059E0363
-\mi^, xrefs: 059E0415, 059E041A
=\mi^, xrefs: 059E03B2, 059E03B7

Memory Dump Source

Source File: 00000009.00000002.2248221047.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_59e0000_lsass.jbxd

Similarity

API ID:
String ID: -\mi^$2k$2k$=\mi^$M\mi^
API String ID: 0-282747480
Opcode ID: 4143b788b0b4314b31680e827aee28a29bd1f225e32ce2dc0bcfe6efedd69100
Instruction ID: 97b562f57ed59a46b5fe59deb7d10956a3cd20b042a066ae3286ef26b400a4a8
Opcode Fuzzy Hash: 4143b788b0b4314b31680e827aee28a29bd1f225e32ce2dc0bcfe6efedd69100
Instruction Fuzzy Hash: B1B1AE387002048FCB19EB35D45DA6D77E7EBC9318B104869D8069B394EF7EAC86CB61

Function 059E024B Relevance: 6.5, Strings: 5, Instructions: 275
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 059E03C1
M\mi^, xrefs: 059E034F, 059E0354
2k, xrefs: 059E0363
-\mi^, xrefs: 059E0415, 059E041A
=\mi^, xrefs: 059E03B2, 059E03B7

Memory Dump Source

Source File: 00000009.00000002.2248221047.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_59e0000_lsass.jbxd

Similarity

API ID:
String ID: -\mi^$2k$2k$=\mi^$M\mi^
API String ID: 0-282747480
Opcode ID: f1eef3f676125398e9a80e71b3ee9acbb1c7ea5285f0746e68d51755d6ce39a3
Instruction ID: 6a952d768b4204f6c53d58092aa26ee370e54a1cb1ba3d0795cb83b0604d40dd
Opcode Fuzzy Hash: f1eef3f676125398e9a80e71b3ee9acbb1c7ea5285f0746e68d51755d6ce39a3
Instruction Fuzzy Hash: 1AB19E387002048FCB19EB35D45DA6D77E3EBC9318B144869D8069B394EF7EAC86CB61

Function 059E02A5 Relevance: 6.5, Strings: 5, Instructions: 251
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

2k, xrefs: 059E03C1
M\mi^, xrefs: 059E034F, 059E0354
2k, xrefs: 059E0363
-\mi^, xrefs: 059E0415, 059E041A
=\mi^, xrefs: 059E03B2, 059E03B7

Memory Dump Source

Source File: 00000009.00000002.2248221047.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_59e0000_lsass.jbxd

Similarity

API ID:
String ID: -\mi^$2k$2k$=\mi^$M\mi^
API String ID: 0-282747480
Opcode ID: a7e65f57a58b6a020b55980e234f0c874c60bc20a13e81cb8ad90e2054cbe6c5
Instruction ID: 8714f38263aecd6e5d10add396c7fd1fa76c2e49559bf64985322665635860c0
Opcode Fuzzy Hash: a7e65f57a58b6a020b55980e234f0c874c60bc20a13e81cb8ad90e2054cbe6c5
Instruction Fuzzy Hash: 2AA1AF38B002048FCB19EB35D05D66D77E3EBC9318B144869D8069B394EF7EAC86CB61

Function 030EA612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 030EA6B9

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 53f37c33ba9ed66e98f96fc83d792efd47f7998b7c53270071183f2772a56a18
Instruction ID: 51542ba8493bfc17c5be65913ea797774a992a1e630e65dfa40f972ac4cbcaa0
Opcode Fuzzy Hash: 53f37c33ba9ed66e98f96fc83d792efd47f7998b7c53270071183f2772a56a18
Instruction Fuzzy Hash: 5F3181B56093845FE711CB25DD85B96FFF8EF06210F08849AE984CB292D375A909C771

Function 030EA361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,75EDE220,00000000,00000000,00000000,00000000), ref: 030EA40C

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 167ffe7c4521b0a17e57facbdf78ddcaa1cb0ba79e08876c4f13a312b55b00c8
Instruction ID: 750486bd6fd322d24ceff571037fa30cf43d5c72afc20df76a7ecd129b3c51c1
Opcode Fuzzy Hash: 167ffe7c4521b0a17e57facbdf78ddcaa1cb0ba79e08876c4f13a312b55b00c8
Instruction Fuzzy Hash: BF318175605784AFE722CF15CC84F96FBFCEF05210F08849AE9458B692D324E909CB71

Function 030EA462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,75EDE220,00000000,00000000,00000000,00000000), ref: 030EA4F8

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: d133a996b426c54054d2eebac7c16e37e065c939f225605dc3ea4df67cb6d659
Instruction ID: 983e9c2a27ab4cf2f4dd683eb9739c6fdb6096283418ab37936dd47fc4c2d7bd
Opcode Fuzzy Hash: d133a996b426c54054d2eebac7c16e37e065c939f225605dc3ea4df67cb6d659
Instruction Fuzzy Hash: D1219FB62053846FD722CB11DC44F66BFB8DF45210F08849AE9858B652C264E908C771

Function 030EA646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 030EA6B9

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 272efad128fccd7973558064ea02000116b4e95155bc2d757faae538f2504869
Instruction ID: 2d4fd3623134a8c2b819522853c9a3c201a85ec19049f08b08883918e737ade2
Opcode Fuzzy Hash: 272efad128fccd7973558064ea02000116b4e95155bc2d757faae538f2504869
Instruction Fuzzy Hash: 812192757012449FE720DF25DD85BAAFBE8EF09224F0888A9ED44CB741D375E909CA71

Function 030EA392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,75EDE220,00000000,00000000,00000000,00000000), ref: 030EA40C

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: a5f9592b26e4bf77a66e58db254c0fc2634a8255fa49574b7b616a0f88d77e81
Instruction ID: 4a252a17a73dbf579444fc38c24310f192766bf17c22b46569694a2f698f7456
Opcode Fuzzy Hash: a5f9592b26e4bf77a66e58db254c0fc2634a8255fa49574b7b616a0f88d77e81
Instruction Fuzzy Hash: C7216DB67013049FE720CE15DD88FA6F7ECEF48620F08C4AAE9458B651D374E909CA75

Function 030EA486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegSetValueExW.KERNELBASE(?,00000E24,75EDE220,00000000,00000000,00000000,00000000), ref: 030EA4F8

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 0b73bbba29b35ae1da3ad0183ba8cbe46ed4a7b67e7e8addd161f1e31d90d69b
Instruction ID: 7f7aec98dbc5e443890eccfd3c54110bf8b55f44436629943ad6dd0118dc4ed7
Opcode Fuzzy Hash: 0b73bbba29b35ae1da3ad0183ba8cbe46ed4a7b67e7e8addd161f1e31d90d69b
Instruction Fuzzy Hash: B611B1B6700304AFE721CE15DD45FAAFBECEF48720F08845AED458AA51D374E808CAB1

Function 030EA710 Relevance: 1.3, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE(?), ref: 030EA780

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 9c9a031dcfd2677cad57a2034893e90e666b5f4a215eacb3b415af5668cfc6e0
Instruction ID: 1c4b694891a95a93be6a044f034faf7ad166b26607524c9c95b7bdeff07c9be2
Opcode Fuzzy Hash: 9c9a031dcfd2677cad57a2034893e90e666b5f4a215eacb3b415af5668cfc6e0
Instruction Fuzzy Hash: 1121D2B55093809FD712CB25DC85B52BFB8EF06320F0984DBED858F293D235A909CB61

Function 030EA74E Relevance: 1.3, APIs: 1, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNELBASE(?), ref: 030EA780

Memory Dump Source

Source File: 00000009.00000002.2247460632.00000000030EA000.00000040.00000800.00020000.00000000.sdmp, Offset: 030EA000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30ea000_lsass.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 9bd9dd4a13e8903b1848e9fbca5097589ae386dc4462b2bfa2e05fda606e40f1
Instruction ID: 7ed082bfa2d41b575ba01a6556528af7cc30e5b4b8e8d73c13e79dbef825a09f
Opcode Fuzzy Hash: 9bd9dd4a13e8903b1848e9fbca5097589ae386dc4462b2bfa2e05fda606e40f1
Instruction Fuzzy Hash: 5C0171757012408FEB10CF15E989766FBE4EF48220F08C4ABED858B756D275E804DAA1

Function 059E0080 Relevance: .1, Instructions: 95
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2248221047.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_59e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90324815a9cfbb8d1cb10e7781791ad7ca76019ba72d8d592c97ca57f4611d98
Instruction ID: 9c8be3a0e894f358259643425f114415e6f06cb722dec346df7a11b2498161d7
Opcode Fuzzy Hash: 90324815a9cfbb8d1cb10e7781791ad7ca76019ba72d8d592c97ca57f4611d98
Instruction Fuzzy Hash: F3412278605242CFC304EF35E59D889B7E2EFC4348B508D69D4444B769EB3C6D8ACBA1

Function 059E0006 Relevance: .0, Instructions: 47
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2248221047.00000000059E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 059E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_59e0000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 924348a70d6c2a02a96e495731e4393c3e04be6f09434c084e8a4c6741c40516
Instruction ID: e30fab0958b932f99390639270d4fc03190d63bdfdaf64576934b910b8bc3bbf
Opcode Fuzzy Hash: 924348a70d6c2a02a96e495731e4393c3e04be6f09434c084e8a4c6741c40516
Instruction Fuzzy Hash: 7F0168A644E3C54FD38387708C626513FB0EF13A05B4F85E7C081CB6A7E658990AD726

Function 03201047 Relevance: .0, Instructions: 43
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2247946276.0000000003201000.00000040.00000020.00020000.00000000.sdmp, Offset: 03201000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_3201000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e9563cb28332c1616c4a5f01ea377656a07db5b6a79ede4598890d20d5685bb
Instruction ID: 15be1777cbb3e292ba1e49a48cedebdcd7f0e21451778ab80f79e18e737ac5e6
Opcode Fuzzy Hash: 1e9563cb28332c1616c4a5f01ea377656a07db5b6a79ede4598890d20d5685bb
Instruction Fuzzy Hash: 5401D6751493806FD3018B06EC40893BFF8EF86330B0984AFE8488B652D229B909CB65

Function 0320106E Relevance: .0, Instructions: 27
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000009.00000002.2247946276.0000000003201000.00000040.00000020.00020000.00000000.sdmp, Offset: 03201000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_3201000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e46a699eb2468eb9d799d9c9236ffdc762841099a4e520701fd450e2b5b1c3d5
Instruction ID: 633298116a085d30ad97fab9c60240b6bf0aa247c3562e7e266c70ad2c62b54f
Opcode Fuzzy Hash: e46a699eb2468eb9d799d9c9236ffdc762841099a4e520701fd450e2b5b1c3d5
Instruction Fuzzy Hash: 48E092B66006044BD650CF0AFD45452F7D8EB88630708C57FDC0D8B701D635B909CAA5

Function 030E23F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2247422628.00000000030E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30e2000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5029b0dc27ec38982d3abc40c4451ff662d5cdfe8660d2fbd824e0c8ab432e4a
Instruction ID: 02e30b974e4f366c36dcd86d6dc66f5ed7d65c55ed2354ce3732eeaed79f197f
Opcode Fuzzy Hash: 5029b0dc27ec38982d3abc40c4451ff662d5cdfe8660d2fbd824e0c8ab432e4a
Instruction Fuzzy Hash: 04D017BA3066914ED326EA1CC6A4B9577D8AB51714F4A48B9A8008BB62C768D5D1D600

Function 030E23BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2247422628.00000000030E2000.00000040.00000800.00020000.00000000.sdmp, Offset: 030E2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_30e2000_lsass.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b37b6e1bbcbcf83424d6a478e4624c1f2c9bd9e1f9bdac7c4358620a46bd3a6a
Instruction ID: 36a475126b966c5d82bfca1b0fe169ae1c00683b6e53dc6b4963f644107260a2
Opcode Fuzzy Hash: b37b6e1bbcbcf83424d6a478e4624c1f2c9bd9e1f9bdac7c4358620a46bd3a6a
Instruction Fuzzy Hash: F0D05E343412814FC725EE1CC6D4F5977DCAF40B15F1A48E8AC108B762C7A8D9C0DE00

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 5556.rar.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Njrat

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Operating System Destruction

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\5556.rar.exe.log

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\lsass.exe.log

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e67ceec44f16fc357df593d15ca3e96b.exe

C:\Users\user\AppData\Roaming\lsass.exe

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Windows Analysis Report
5556.rar.exe

Function 00E60258 Relevance: 6.5, Strings: 5, Instructions: 278
COMMON

Function 00E60249 Relevance: 6.5, Strings: 5, Instructions: 277
COMMON

Function 00E602A5 Relevance: 6.5, Strings: 5, Instructions: 251
COMMON

Function 0096A94F Relevance: 1.6, APIs: 1, Instructions: 98
fileCOMMON

Function 0096A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Function 0096A361 Relevance: 1.6, APIs: 1, Instructions: 85
registryCOMMON

Function 0096AA5C Relevance: 1.6, APIs: 1, Instructions: 79
COMMON

Function 0096A462 Relevance: 1.6, APIs: 1, Instructions: 77
registryCOMMON

Function 0096A986 Relevance: 1.6, APIs: 1, Instructions: 76
fileCOMMON

Function 0096A646 Relevance: 1.6, APIs: 1, Instructions: 72
synchronizationCOMMON

Function 0096AC0E Relevance: 1.6, APIs: 1, Instructions: 70
fileCOMMON

Function 0096A392 Relevance: 1.6, APIs: 1, Instructions: 69
registryCOMMON

Function 0096A486 Relevance: 1.6, APIs: 1, Instructions: 65
registryCOMMON

Function 0096A2D2 Relevance: 1.6, APIs: 1, Instructions: 61
COMMON