Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
enai2.exe

Overview

General Information

Sample name:enai2.exe
Analysis ID:1575640
MD5:a2d2fc6108063a466264a34e7c46c8a3
SHA1:ddab38e1dcf749d355bf63a0eb25ce844db1d880
SHA256:7812344ebb0aed20fb8cd932ad7c7c019dccb813956a1a5dd9f94bf6af82d50a
Tags:exeNjRATuser-lontze7
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Disables zone checking for all users
Machine Learning detection for sample
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Detected TCP or UDP traffic on non-standard ports
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara signature match

Classification

Process Tree

  • System is w10x64
  • enai2.exe (PID: 1020 cmdline: "C:\Users\user\Desktop\enai2.exe" MD5: A2D2FC6108063A466264A34E7C46C8A3)
    • netsh.exe (PID: 4512 cmdline: netsh firewall add allowedprogram "C:\Users\user\Desktop\enai2.exe" "enai2.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
      • conhost.exe (PID: 5208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "6.tcp.eu.ngrok.io", "Port": "14377", "Version": "0.7d", "Campaign ID": "Enai", "Registry": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Startup": "bd898fbb4a2356e019689e2e64340d76"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
enai2.exeJoeSecurity_NjratYara detected NjratJoe Security
    enai2.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x5767:$a1: get_Registry
    • 0x6b2a:$a2: SEE_MASK_NOZONECHECKS
    • 0x693a:$a3: Download ERROR
    • 0x6c62:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x6c02:$a5: netsh firewall delete allowedprogram "
    enai2.exeCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
    • 0x6c62:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x6834:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x695c:$s3: Executed As
    • 0x5fb3:$s5: Stub.exe
    • 0x693a:$s6: Download ERROR
    • 0x67f6:$s8: Select * From AntiVirusProduct
    enai2.exenjrat1Identify njRatBrian Wallace @botnet_hunter
    • 0x6b5a:$a1: netsh firewall add allowedprogram
    • 0x6b2a:$a2: SEE_MASK_NOZONECHECKS
    • 0x6cea:$b1: [TAP]
    • 0x6c62:$c3: cmd.exe /c ping
    enai2.exeNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
    • 0x6b2a:$reg: SEE_MASK_NOZONECHECKS
    • 0x6916:$msg: Execute ERROR
    • 0x6976:$msg: Execute ERROR
    • 0x6c62:$ping: cmd.exe /c ping 0 -n 2 & del
    Click to see the 1 entries

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
      00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x5567:$a1: get_Registry
      • 0x692a:$a2: SEE_MASK_NOZONECHECKS
      • 0x673a:$a3: Download ERROR
      • 0x6a62:$a4: cmd.exe /c ping 0 -n 2 & del "
      • 0x6a02:$a5: netsh firewall delete allowedprogram "
      00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmpnjrat1Identify njRatBrian Wallace @botnet_hunter
      • 0x695a:$a1: netsh firewall add allowedprogram
      • 0x692a:$a2: SEE_MASK_NOZONECHECKS
      • 0x6aea:$b1: [TAP]
      • 0x6a62:$c3: cmd.exe /c ping
      00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmpNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
      • 0x692a:$reg: SEE_MASK_NOZONECHECKS
      • 0x6716:$msg: Execute ERROR
      • 0x6776:$msg: Execute ERROR
      • 0x6a62:$ping: cmd.exe /c ping 0 -n 2 & del
      Process Memory Space: enai2.exe PID: 1020JoeSecurity_NjratYara detected NjratJoe Security

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.0.enai2.exe.900000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
          0.0.enai2.exe.900000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x5767:$a1: get_Registry
          • 0x6b2a:$a2: SEE_MASK_NOZONECHECKS
          • 0x693a:$a3: Download ERROR
          • 0x6c62:$a4: cmd.exe /c ping 0 -n 2 & del "
          • 0x6c02:$a5: netsh firewall delete allowedprogram "
          0.0.enai2.exe.900000.0.unpackCN_disclosed_20180208_cDetects malware from disclosed CN malware setFlorian Roth
          • 0x6c62:$x1: cmd.exe /c ping 0 -n 2 & del "
          • 0x6834:$s1: winmgmts:\\.\root\SecurityCenter2
          • 0x695c:$s3: Executed As
          • 0x5fb3:$s5: Stub.exe
          • 0x693a:$s6: Download ERROR
          • 0x67f6:$s8: Select * From AntiVirusProduct
          0.0.enai2.exe.900000.0.unpacknjrat1Identify njRatBrian Wallace @botnet_hunter
          • 0x6b5a:$a1: netsh firewall add allowedprogram
          • 0x6b2a:$a2: SEE_MASK_NOZONECHECKS
          • 0x6cea:$b1: [TAP]
          • 0x6c62:$c3: cmd.exe /c ping
          0.0.enai2.exe.900000.0.unpackNjratdetect njRAT in memoryJPCERT/CC Incident Response Group
          • 0x6b2a:$reg: SEE_MASK_NOZONECHECKS
          • 0x6916:$msg: Execute ERROR
          • 0x6976:$msg: Execute ERROR
          • 0x6c62:$ping: cmd.exe /c ping 0 -n 2 & del
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-16T07:37:22.019406+010020211761Malware Command and Control Activity Detected192.168.2.64973552.28.247.25514377TCP
          2024-12-16T07:37:26.252891+010020211761Malware Command and Control Activity Detected192.168.2.64974652.28.247.25514377TCP
          2024-12-16T07:37:30.494607+010020211761Malware Command and Control Activity Detected192.168.2.64976052.28.247.25514377TCP
          2024-12-16T07:37:34.794477+010020211761Malware Command and Control Activity Detected192.168.2.64977352.28.247.25514377TCP
          2024-12-16T07:37:39.128068+010020211761Malware Command and Control Activity Detected192.168.2.64978452.28.247.25514377TCP
          2024-12-16T07:37:43.385238+010020211761Malware Command and Control Activity Detected192.168.2.64979652.28.247.25514377TCP
          2024-12-16T07:37:47.716893+010020211761Malware Command and Control Activity Detected192.168.2.64980752.28.247.25514377TCP
          2024-12-16T07:37:52.688211+010020211761Malware Command and Control Activity Detected192.168.2.64981852.28.247.25514377TCP
          2024-12-16T07:37:56.315332+010020211761Malware Command and Control Activity Detected192.168.2.64982952.28.247.25514377TCP
          2024-12-16T07:38:00.604090+010020211761Malware Command and Control Activity Detected192.168.2.64983952.28.247.25514377TCP
          2024-12-16T07:38:04.923440+010020211761Malware Command and Control Activity Detected192.168.2.64985152.28.247.25514377TCP
          2024-12-16T07:38:09.204336+010020211761Malware Command and Control Activity Detected192.168.2.64986352.28.247.25514377TCP
          2024-12-16T07:38:13.497091+010020211761Malware Command and Control Activity Detected192.168.2.64987452.28.247.25514377TCP
          2024-12-16T07:38:17.790272+010020211761Malware Command and Control Activity Detected192.168.2.64988552.28.247.25514377TCP
          2024-12-16T07:38:22.316017+010020211761Malware Command and Control Activity Detected192.168.2.64989652.28.247.25514377TCP
          2024-12-16T07:38:26.624970+010020211761Malware Command and Control Activity Detected192.168.2.64990752.28.247.25514377TCP
          2024-12-16T07:38:30.908776+010020211761Malware Command and Control Activity Detected192.168.2.64991952.28.247.25514377TCP
          2024-12-16T07:38:35.076133+010020211761Malware Command and Control Activity Detected192.168.2.64992652.28.247.25514377TCP
          2024-12-16T07:38:39.166950+010020211761Malware Command and Control Activity Detected192.168.2.64993652.28.247.25514377TCP
          2024-12-16T07:38:43.093397+010020211761Malware Command and Control Activity Detected192.168.2.64994752.28.247.25514377TCP
          2024-12-16T07:38:46.911949+010020211761Malware Command and Control Activity Detected192.168.2.64995852.28.247.25514377TCP
          2024-12-16T07:38:50.728260+010020211761Malware Command and Control Activity Detected192.168.2.64996552.28.247.25514377TCP
          2024-12-16T07:38:54.267132+010020211761Malware Command and Control Activity Detected192.168.2.64997552.28.247.25514377TCP
          2024-12-16T07:38:57.805382+010020211761Malware Command and Control Activity Detected192.168.2.64998652.28.247.25514377TCP
          2024-12-16T07:39:01.251579+010020211761Malware Command and Control Activity Detected192.168.2.64999352.28.247.25514377TCP
          2024-12-16T07:39:04.658713+010020211761Malware Command and Control Activity Detected192.168.2.65000352.28.247.25514377TCP
          2024-12-16T07:39:07.962784+010020211761Malware Command and Control Activity Detected192.168.2.65001152.28.247.25514377TCP
          2024-12-16T07:39:11.192273+010020211761Malware Command and Control Activity Detected192.168.2.65001652.28.247.25514377TCP
          2024-12-16T07:39:14.596051+010020211761Malware Command and Control Activity Detected192.168.2.65001752.28.247.25514377TCP
          2024-12-16T07:39:17.528374+010020211761Malware Command and Control Activity Detected192.168.2.65001852.28.247.25514377TCP
          2024-12-16T07:39:20.589773+010020211761Malware Command and Control Activity Detected192.168.2.65001952.28.247.25514377TCP
          2024-12-16T07:39:23.833106+010020211761Malware Command and Control Activity Detected192.168.2.6500203.69.115.17814377TCP
          2024-12-16T07:39:27.010944+010020211761Malware Command and Control Activity Detected192.168.2.6500213.69.115.17814377TCP
          2024-12-16T07:39:29.866409+010020211761Malware Command and Control Activity Detected192.168.2.6500223.69.115.17814377TCP
          2024-12-16T07:39:32.769172+010020211761Malware Command and Control Activity Detected192.168.2.6500233.69.115.17814377TCP
          2024-12-16T07:39:35.734537+010020211761Malware Command and Control Activity Detected192.168.2.6500243.69.115.17814377TCP
          2024-12-16T07:39:38.544452+010020211761Malware Command and Control Activity Detected192.168.2.6500253.69.115.17814377TCP
          2024-12-16T07:39:41.323271+010020211761Malware Command and Control Activity Detected192.168.2.6500263.69.115.17814377TCP
          2024-12-16T07:39:44.072514+010020211761Malware Command and Control Activity Detected192.168.2.6500273.69.115.17814377TCP
          2024-12-16T07:39:46.780185+010020211761Malware Command and Control Activity Detected192.168.2.6500283.69.115.17814377TCP
          2024-12-16T07:39:49.520075+010020211761Malware Command and Control Activity Detected192.168.2.6500293.69.115.17814377TCP
          2024-12-16T07:39:52.234821+010020211761Malware Command and Control Activity Detected192.168.2.6500303.69.115.17814377TCP
          2024-12-16T07:39:55.066550+010020211761Malware Command and Control Activity Detected192.168.2.6500313.69.115.17814377TCP
          2024-12-16T07:39:57.822242+010020211761Malware Command and Control Activity Detected192.168.2.6500323.69.115.17814377TCP
          2024-12-16T07:40:00.458878+010020211761Malware Command and Control Activity Detected192.168.2.6500333.69.115.17814377TCP
          2024-12-16T07:40:02.720846+010020211761Malware Command and Control Activity Detected192.168.2.6500343.69.115.17814377TCP
          2024-12-16T07:40:05.251224+010020211761Malware Command and Control Activity Detected192.168.2.6500353.69.115.17814377TCP
          2024-12-16T07:40:07.782227+010020211761Malware Command and Control Activity Detected192.168.2.6500363.69.115.17814377TCP
          2024-12-16T07:40:10.296580+010020211761Malware Command and Control Activity Detected192.168.2.6500373.69.115.17814377TCP
          2024-12-16T07:40:12.813666+010020211761Malware Command and Control Activity Detected192.168.2.6500383.69.115.17814377TCP
          2024-12-16T07:40:15.305348+010020211761Malware Command and Control Activity Detected192.168.2.6500393.69.115.17814377TCP
          2024-12-16T07:40:17.796953+010020211761Malware Command and Control Activity Detected192.168.2.6500413.69.115.17814377TCP
          2024-12-16T07:40:20.246577+010020211761Malware Command and Control Activity Detected192.168.2.6500423.69.115.17814377TCP
          2024-12-16T07:40:22.717837+010020211761Malware Command and Control Activity Detected192.168.2.6500433.69.115.17814377TCP
          2024-12-16T07:40:25.399068+010020211761Malware Command and Control Activity Detected192.168.2.65004452.28.247.25514377TCP
          2024-12-16T07:40:27.859090+010020211761Malware Command and Control Activity Detected192.168.2.65004552.28.247.25514377TCP
          2024-12-16T07:40:30.276360+010020211761Malware Command and Control Activity Detected192.168.2.65004652.28.247.25514377TCP
          2024-12-16T07:40:32.688072+010020211761Malware Command and Control Activity Detected192.168.2.65004752.28.247.25514377TCP
          2024-12-16T07:40:35.090228+010020211761Malware Command and Control Activity Detected192.168.2.65004852.28.247.25514377TCP
          2024-12-16T07:40:37.494780+010020211761Malware Command and Control Activity Detected192.168.2.65004952.28.247.25514377TCP
          2024-12-16T07:40:39.872313+010020211761Malware Command and Control Activity Detected192.168.2.65005052.28.247.25514377TCP
          2024-12-16T07:40:42.284538+010020211761Malware Command and Control Activity Detected192.168.2.65005152.28.247.25514377TCP
          2024-12-16T07:40:44.669327+010020211761Malware Command and Control Activity Detected192.168.2.65005252.28.247.25514377TCP
          2024-12-16T07:40:47.042528+010020211761Malware Command and Control Activity Detected192.168.2.65005352.28.247.25514377TCP
          2024-12-16T07:40:49.469872+010020211761Malware Command and Control Activity Detected192.168.2.65005452.28.247.25514377TCP
          2024-12-16T07:40:51.863122+010020211761Malware Command and Control Activity Detected192.168.2.65005552.28.247.25514377TCP
          2024-12-16T07:40:54.215685+010020211761Malware Command and Control Activity Detected192.168.2.65005652.28.247.25514377TCP
          2024-12-16T07:40:56.576373+010020211761Malware Command and Control Activity Detected192.168.2.65005752.28.247.25514377TCP
          2024-12-16T07:40:58.937692+010020211761Malware Command and Control Activity Detected192.168.2.65005852.28.247.25514377TCP
          2024-12-16T07:41:01.282080+010020211761Malware Command and Control Activity Detected192.168.2.65005952.28.247.25514377TCP
          2024-12-16T07:41:03.656716+010020211761Malware Command and Control Activity Detected192.168.2.65006052.28.247.25514377TCP
          2024-12-16T07:41:05.993366+010020211761Malware Command and Control Activity Detected192.168.2.65006152.28.247.25514377TCP
          2024-12-16T07:41:08.347231+010020211761Malware Command and Control Activity Detected192.168.2.65006252.28.247.25514377TCP
          2024-12-16T07:41:10.697390+010020211761Malware Command and Control Activity Detected192.168.2.65006352.28.247.25514377TCP
          2024-12-16T07:41:13.028087+010020211761Malware Command and Control Activity Detected192.168.2.65006452.28.247.25514377TCP
          2024-12-16T07:41:15.607244+010020211761Malware Command and Control Activity Detected192.168.2.65006552.28.247.25514377TCP
          2024-12-16T07:41:18.170368+010020211761Malware Command and Control Activity Detected192.168.2.65006652.28.247.25514377TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-16T07:37:22.019406+010020331321Malware Command and Control Activity Detected192.168.2.64973552.28.247.25514377TCP
          2024-12-16T07:37:26.252891+010020331321Malware Command and Control Activity Detected192.168.2.64974652.28.247.25514377TCP
          2024-12-16T07:37:30.494607+010020331321Malware Command and Control Activity Detected192.168.2.64976052.28.247.25514377TCP
          2024-12-16T07:37:34.794477+010020331321Malware Command and Control Activity Detected192.168.2.64977352.28.247.25514377TCP
          2024-12-16T07:37:39.128068+010020331321Malware Command and Control Activity Detected192.168.2.64978452.28.247.25514377TCP
          2024-12-16T07:37:43.385238+010020331321Malware Command and Control Activity Detected192.168.2.64979652.28.247.25514377TCP
          2024-12-16T07:37:47.716893+010020331321Malware Command and Control Activity Detected192.168.2.64980752.28.247.25514377TCP
          2024-12-16T07:37:52.688211+010020331321Malware Command and Control Activity Detected192.168.2.64981852.28.247.25514377TCP
          2024-12-16T07:37:56.315332+010020331321Malware Command and Control Activity Detected192.168.2.64982952.28.247.25514377TCP
          2024-12-16T07:38:00.604090+010020331321Malware Command and Control Activity Detected192.168.2.64983952.28.247.25514377TCP
          2024-12-16T07:38:04.923440+010020331321Malware Command and Control Activity Detected192.168.2.64985152.28.247.25514377TCP
          2024-12-16T07:38:09.204336+010020331321Malware Command and Control Activity Detected192.168.2.64986352.28.247.25514377TCP
          2024-12-16T07:38:13.497091+010020331321Malware Command and Control Activity Detected192.168.2.64987452.28.247.25514377TCP
          2024-12-16T07:38:17.790272+010020331321Malware Command and Control Activity Detected192.168.2.64988552.28.247.25514377TCP
          2024-12-16T07:38:22.316017+010020331321Malware Command and Control Activity Detected192.168.2.64989652.28.247.25514377TCP
          2024-12-16T07:38:26.624970+010020331321Malware Command and Control Activity Detected192.168.2.64990752.28.247.25514377TCP
          2024-12-16T07:38:30.908776+010020331321Malware Command and Control Activity Detected192.168.2.64991952.28.247.25514377TCP
          2024-12-16T07:38:35.076133+010020331321Malware Command and Control Activity Detected192.168.2.64992652.28.247.25514377TCP
          2024-12-16T07:38:39.166950+010020331321Malware Command and Control Activity Detected192.168.2.64993652.28.247.25514377TCP
          2024-12-16T07:38:43.093397+010020331321Malware Command and Control Activity Detected192.168.2.64994752.28.247.25514377TCP
          2024-12-16T07:38:46.911949+010020331321Malware Command and Control Activity Detected192.168.2.64995852.28.247.25514377TCP
          2024-12-16T07:38:50.728260+010020331321Malware Command and Control Activity Detected192.168.2.64996552.28.247.25514377TCP
          2024-12-16T07:38:54.267132+010020331321Malware Command and Control Activity Detected192.168.2.64997552.28.247.25514377TCP
          2024-12-16T07:38:57.805382+010020331321Malware Command and Control Activity Detected192.168.2.64998652.28.247.25514377TCP
          2024-12-16T07:39:01.251579+010020331321Malware Command and Control Activity Detected192.168.2.64999352.28.247.25514377TCP
          2024-12-16T07:39:04.658713+010020331321Malware Command and Control Activity Detected192.168.2.65000352.28.247.25514377TCP
          2024-12-16T07:39:07.962784+010020331321Malware Command and Control Activity Detected192.168.2.65001152.28.247.25514377TCP
          2024-12-16T07:39:11.192273+010020331321Malware Command and Control Activity Detected192.168.2.65001652.28.247.25514377TCP
          2024-12-16T07:39:14.596051+010020331321Malware Command and Control Activity Detected192.168.2.65001752.28.247.25514377TCP
          2024-12-16T07:39:17.528374+010020331321Malware Command and Control Activity Detected192.168.2.65001852.28.247.25514377TCP
          2024-12-16T07:39:20.589773+010020331321Malware Command and Control Activity Detected192.168.2.65001952.28.247.25514377TCP
          2024-12-16T07:39:23.833106+010020331321Malware Command and Control Activity Detected192.168.2.6500203.69.115.17814377TCP
          2024-12-16T07:39:27.010944+010020331321Malware Command and Control Activity Detected192.168.2.6500213.69.115.17814377TCP
          2024-12-16T07:39:29.866409+010020331321Malware Command and Control Activity Detected192.168.2.6500223.69.115.17814377TCP
          2024-12-16T07:39:32.769172+010020331321Malware Command and Control Activity Detected192.168.2.6500233.69.115.17814377TCP
          2024-12-16T07:39:35.734537+010020331321Malware Command and Control Activity Detected192.168.2.6500243.69.115.17814377TCP
          2024-12-16T07:39:38.544452+010020331321Malware Command and Control Activity Detected192.168.2.6500253.69.115.17814377TCP
          2024-12-16T07:39:41.323271+010020331321Malware Command and Control Activity Detected192.168.2.6500263.69.115.17814377TCP
          2024-12-16T07:39:44.072514+010020331321Malware Command and Control Activity Detected192.168.2.6500273.69.115.17814377TCP
          2024-12-16T07:39:46.780185+010020331321Malware Command and Control Activity Detected192.168.2.6500283.69.115.17814377TCP
          2024-12-16T07:39:49.520075+010020331321Malware Command and Control Activity Detected192.168.2.6500293.69.115.17814377TCP
          2024-12-16T07:39:52.234821+010020331321Malware Command and Control Activity Detected192.168.2.6500303.69.115.17814377TCP
          2024-12-16T07:39:55.066550+010020331321Malware Command and Control Activity Detected192.168.2.6500313.69.115.17814377TCP
          2024-12-16T07:39:57.822242+010020331321Malware Command and Control Activity Detected192.168.2.6500323.69.115.17814377TCP
          2024-12-16T07:40:00.458878+010020331321Malware Command and Control Activity Detected192.168.2.6500333.69.115.17814377TCP
          2024-12-16T07:40:02.720846+010020331321Malware Command and Control Activity Detected192.168.2.6500343.69.115.17814377TCP
          2024-12-16T07:40:05.251224+010020331321Malware Command and Control Activity Detected192.168.2.6500353.69.115.17814377TCP
          2024-12-16T07:40:07.782227+010020331321Malware Command and Control Activity Detected192.168.2.6500363.69.115.17814377TCP
          2024-12-16T07:40:10.296580+010020331321Malware Command and Control Activity Detected192.168.2.6500373.69.115.17814377TCP
          2024-12-16T07:40:12.813666+010020331321Malware Command and Control Activity Detected192.168.2.6500383.69.115.17814377TCP
          2024-12-16T07:40:15.305348+010020331321Malware Command and Control Activity Detected192.168.2.6500393.69.115.17814377TCP
          2024-12-16T07:40:17.796953+010020331321Malware Command and Control Activity Detected192.168.2.6500413.69.115.17814377TCP
          2024-12-16T07:40:20.246577+010020331321Malware Command and Control Activity Detected192.168.2.6500423.69.115.17814377TCP
          2024-12-16T07:40:22.717837+010020331321Malware Command and Control Activity Detected192.168.2.6500433.69.115.17814377TCP
          2024-12-16T07:40:25.399068+010020331321Malware Command and Control Activity Detected192.168.2.65004452.28.247.25514377TCP
          2024-12-16T07:40:27.859090+010020331321Malware Command and Control Activity Detected192.168.2.65004552.28.247.25514377TCP
          2024-12-16T07:40:30.276360+010020331321Malware Command and Control Activity Detected192.168.2.65004652.28.247.25514377TCP
          2024-12-16T07:40:32.688072+010020331321Malware Command and Control Activity Detected192.168.2.65004752.28.247.25514377TCP
          2024-12-16T07:40:35.090228+010020331321Malware Command and Control Activity Detected192.168.2.65004852.28.247.25514377TCP
          2024-12-16T07:40:37.494780+010020331321Malware Command and Control Activity Detected192.168.2.65004952.28.247.25514377TCP
          2024-12-16T07:40:39.872313+010020331321Malware Command and Control Activity Detected192.168.2.65005052.28.247.25514377TCP
          2024-12-16T07:40:42.284538+010020331321Malware Command and Control Activity Detected192.168.2.65005152.28.247.25514377TCP
          2024-12-16T07:40:44.669327+010020331321Malware Command and Control Activity Detected192.168.2.65005252.28.247.25514377TCP
          2024-12-16T07:40:47.042528+010020331321Malware Command and Control Activity Detected192.168.2.65005352.28.247.25514377TCP
          2024-12-16T07:40:49.469872+010020331321Malware Command and Control Activity Detected192.168.2.65005452.28.247.25514377TCP
          2024-12-16T07:40:51.863122+010020331321Malware Command and Control Activity Detected192.168.2.65005552.28.247.25514377TCP
          2024-12-16T07:40:54.215685+010020331321Malware Command and Control Activity Detected192.168.2.65005652.28.247.25514377TCP
          2024-12-16T07:40:56.576373+010020331321Malware Command and Control Activity Detected192.168.2.65005752.28.247.25514377TCP
          2024-12-16T07:40:58.937692+010020331321Malware Command and Control Activity Detected192.168.2.65005852.28.247.25514377TCP
          2024-12-16T07:41:01.282080+010020331321Malware Command and Control Activity Detected192.168.2.65005952.28.247.25514377TCP
          2024-12-16T07:41:03.656716+010020331321Malware Command and Control Activity Detected192.168.2.65006052.28.247.25514377TCP
          2024-12-16T07:41:05.993366+010020331321Malware Command and Control Activity Detected192.168.2.65006152.28.247.25514377TCP
          2024-12-16T07:41:08.347231+010020331321Malware Command and Control Activity Detected192.168.2.65006252.28.247.25514377TCP
          2024-12-16T07:41:10.697390+010020331321Malware Command and Control Activity Detected192.168.2.65006352.28.247.25514377TCP
          2024-12-16T07:41:13.028087+010020331321Malware Command and Control Activity Detected192.168.2.65006452.28.247.25514377TCP
          2024-12-16T07:41:15.607244+010020331321Malware Command and Control Activity Detected192.168.2.65006552.28.247.25514377TCP
          2024-12-16T07:41:18.170368+010020331321Malware Command and Control Activity Detected192.168.2.65006652.28.247.25514377TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-12-16T07:37:22.139156+010028384861Malware Command and Control Activity Detected192.168.2.64973552.28.247.25514377TCP
          2024-12-16T07:37:26.372919+010028384861Malware Command and Control Activity Detected192.168.2.64974652.28.247.25514377TCP
          2024-12-16T07:37:30.614494+010028384861Malware Command and Control Activity Detected192.168.2.64976052.28.247.25514377TCP
          2024-12-16T07:37:34.914729+010028384861Malware Command and Control Activity Detected192.168.2.64977352.28.247.25514377TCP
          2024-12-16T07:37:39.248027+010028384861Malware Command and Control Activity Detected192.168.2.64978452.28.247.25514377TCP
          2024-12-16T07:37:43.505521+010028384861Malware Command and Control Activity Detected192.168.2.64979652.28.247.25514377TCP
          2024-12-16T07:37:47.837118+010028384861Malware Command and Control Activity Detected192.168.2.64980752.28.247.25514377TCP
          2024-12-16T07:37:52.808159+010028384861Malware Command and Control Activity Detected192.168.2.64981852.28.247.25514377TCP
          2024-12-16T07:37:56.436301+010028384861Malware Command and Control Activity Detected192.168.2.64982952.28.247.25514377TCP
          2024-12-16T07:38:00.724097+010028384861Malware Command and Control Activity Detected192.168.2.64983952.28.247.25514377TCP
          2024-12-16T07:38:05.043247+010028384861Malware Command and Control Activity Detected192.168.2.64985152.28.247.25514377TCP
          2024-12-16T07:38:09.324539+010028384861Malware Command and Control Activity Detected192.168.2.64986352.28.247.25514377TCP
          2024-12-16T07:38:13.616888+010028384861Malware Command and Control Activity Detected192.168.2.64987452.28.247.25514377TCP
          2024-12-16T07:38:17.910099+010028384861Malware Command and Control Activity Detected192.168.2.64988552.28.247.25514377TCP
          2024-12-16T07:41:18.290459+010028384861Malware Command and Control Activity Detected192.168.2.65006652.28.247.25514377TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: enai2.exeAvira: detected
          Found malware configuration
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Njrat {"Host": "6.tcp.eu.ngrok.io", "Port": "14377", "Version": "0.7d", "Campaign ID": "Enai", "Registry": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Startup": "bd898fbb4a2356e019689e2e64340d76"}
          Multi AV Scanner detection for submitted file
          Source: enai2.exeVirustotal: Detection: 88%Perma Link
          Source: enai2.exeReversingLabs: Detection: 86%
          Yara detected Njrat
          Source: Yara matchFile source: enai2.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: enai2.exe PID: 1020, type: MEMORYSTR
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
          Machine Learning detection for sample
          Source: enai2.exeJoe Sandbox ML: detected
          Source: enai2.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\enai2.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
          Source: enai2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49735 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49735 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49735 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49746 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49746 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49746 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49796 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49796 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49829 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49796 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49829 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49829 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49784 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49784 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49863 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49863 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49863 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49874 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49784 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49773 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49760 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49760 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49760 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49773 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49874 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49773 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49874 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49885 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49885 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49896 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49885 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49896 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49851 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49947 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49926 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49919 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49807 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49807 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49807 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49919 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49818 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49818 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49926 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49818 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49947 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49851 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49851 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49958 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49958 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49965 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49965 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49907 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49975 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49993 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49975 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49993 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49986 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49907 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49986 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49839 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49839 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:49839 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50011 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50011 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50017 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50018 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50018 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50017 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50003 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50003 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50023 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50023 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50026 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50026 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50021 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50021 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50016 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50016 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50030 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50030 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50027 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50027 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50028 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50028 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50022 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50022 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:49936 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:49936 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50020 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50033 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50035 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50033 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50019 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50038 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50038 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50041 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50041 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50034 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50034 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50029 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50035 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50029 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50044 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50044 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50046 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50043 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50043 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50049 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50049 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50048 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50052 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50052 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50053 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50053 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50054 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50054 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50055 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50055 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50025 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50025 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50061 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50061 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50064 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50064 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50048 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50046 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50050 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50024 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50065 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50051 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50051 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50019 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50060 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50060 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50036 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50063 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50036 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50050 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50057 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50057 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50065 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50032 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50020 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50062 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50062 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50063 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50032 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50024 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50058 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50058 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50066 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50066 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.6:50066 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50047 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50047 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50031 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50031 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50037 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50037 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50045 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50045 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50039 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50039 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50059 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50059 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50042 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50042 -> 3.69.115.178:14377
          Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.6:50056 -> 52.28.247.255:14377
          Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.6:50056 -> 52.28.247.255:14377
          Source: global trafficTCP traffic: 192.168.2.6:49735 -> 52.28.247.255:14377
          Source: global trafficTCP traffic: 192.168.2.6:50020 -> 3.69.115.178:14377
          Source: Joe Sandbox ViewIP Address: 52.28.247.255 52.28.247.255
          Source: Joe Sandbox ViewIP Address: 3.69.115.178 3.69.115.178
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficDNS traffic detected: DNS query: 6.tcp.eu.ngrok.io

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          barindex
          Contains functionality to log keystrokes (.Net Source)
          Source: enai2.exe, kl.cs.Net Code: VKCodeToUnicode

          E-Banking Fraud

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: enai2.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: enai2.exe PID: 1020, type: MEMORYSTR

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: enai2.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: enai2.exe, type: SAMPLEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: enai2.exe, type: SAMPLEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: enai2.exe, type: SAMPLEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: enai2.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: Detects malware from disclosed CN malware set Author: Florian Roth
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: detect njRAT in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\enai2.exeProcess Stats: CPU usage > 49%
          Source: enai2.exe, 00000000.00000002.4658480354.000000000101E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs enai2.exe
          Source: enai2.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: enai2.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: enai2.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: enai2.exe, type: SAMPLEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: enai2.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: enai2.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
          Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
          Source: classification engineClassification label: mal100.phis.troj.spyw.evad.winEXE@4/1@4/2
          Source: C:\Users\user\Desktop\enai2.exeCode function: 0_2_0521276A AdjustTokenPrivileges,0_2_0521276A
          Source: C:\Users\user\Desktop\enai2.exeCode function: 0_2_05212733 AdjustTokenPrivileges,0_2_05212733
          Source: C:\Users\user\Desktop\enai2.exeMutant created: NULL
          Source: C:\Users\user\Desktop\enai2.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5208:120:WilError_03
          Source: C:\Users\user\Desktop\enai2.exeMutant created: \Sessions\1\BaseNamedObjects\bd898fbb4a2356e019689e2e64340d76
          Source: enai2.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: enai2.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\enai2.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: enai2.exeVirustotal: Detection: 88%
          Source: enai2.exeReversingLabs: Detection: 86%
          Source: unknownProcess created: C:\Users\user\Desktop\enai2.exe "C:\Users\user\Desktop\enai2.exe"
          Source: C:\Users\user\Desktop\enai2.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\enai2.exe" "enai2.exe" ENABLE
          Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\enai2.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\enai2.exe" "enai2.exe" ENABLEJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: avicap32.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: msvfw32.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
          Source: enai2.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: C:\Users\user\Desktop\enai2.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
          Source: enai2.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: enai2.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeMemory allocated: 1550000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeMemory allocated: 2ED0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeMemory allocated: 4ED0000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeWindow / User API: threadDelayed 1410Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exeWindow / User API: threadDelayed 3681Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exeWindow / User API: threadDelayed 4294Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exeWindow / User API: foregroundWindowGot 1773Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exe TID: 5932Thread sleep count: 1410 > 30Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exe TID: 5932Thread sleep time: -1410000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\enai2.exe TID: 5912Thread sleep count: 3681 > 30Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exe TID: 5932Thread sleep count: 4294 > 30Jump to behavior
          Source: C:\Users\user\Desktop\enai2.exe TID: 5932Thread sleep time: -4294000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: enai2.exeBinary or memory string: VBoxService
          Source: enai2.exe, 00000000.00000002.4658480354.000000000104F000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000002.00000002.2270181635.0000000002DC0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\enai2.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          .NET source code references suspicious native API functions
          Source: enai2.exe, kl.csReference to suspicious API methods: MapVirtualKey(a, 0u)
          Source: enai2.exe, kl.csReference to suspicious API methods: GetAsyncKeyState(num2)
          Source: enai2.exe, OK.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
          Source: enai2.exe, 00000000.00000002.4658952687.0000000003187000.00000004.00000800.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4658952687.0000000002F4D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: enai2.exe, 00000000.00000002.4658952687.0000000003187000.00000004.00000800.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4658952687.0000000002F4D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9@l
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\enai2.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Disables zone checking for all users
          Source: C:\Users\user\Desktop\enai2.exeRegistry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKSJump to behavior
          Modifies the windows firewall
          Source: C:\Users\user\Desktop\enai2.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\enai2.exe" "enai2.exe" ENABLE
          Uses netsh to modify the Windows network and firewall settings
          Source: C:\Users\user\Desktop\enai2.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\Desktop\enai2.exe" "enai2.exe" ENABLE
          Source: enai2.exe, 00000000.00000002.4660644630.0000000005E60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ender\MsMpeng.exe
          Source: enai2.exe, 00000000.00000002.4658480354.000000000104F000.00000004.00000020.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4660713691.0000000005E7D000.00000004.00000020.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4660713691.0000000005E8E000.00000004.00000020.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4660713691.0000000005EB3000.00000004.00000020.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4660713691.0000000005E95000.00000004.00000020.00020000.00000000.sdmp, enai2.exe, 00000000.00000002.4658480354.00000000010A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: enai2.exe, 00000000.00000002.4658480354.00000000010A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \MsMpeng.exe
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
          Source: C:\Users\user\Desktop\enai2.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: enai2.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: enai2.exe PID: 1020, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected Njrat
          Source: Yara matchFile source: enai2.exe, type: SAMPLE
          Source: Yara matchFile source: 0.0.enai2.exe.900000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: enai2.exe PID: 1020, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          Access Token Manipulation          		2
          Virtualization/Sandbox Evasion          		1
          Input Capture          		21
          Security Software Discovery          		Remote Services1
          Input Capture          		1
          Non-Standard Port          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Native API          		Boot or Logon Initialization Scripts2
          Process Injection          		31
          Disable or Modify Tools          		LSASS Memory2
          Virtualization/Sandbox Evasion          		Remote Desktop ProtocolData from Removable Media1
          Non-Application Layer Protocol          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
          DLL Side-Loading          		1
          Access Token Manipulation          		Security Account Manager1
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared Drive1
          Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook2
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Software Packing          		LSA Secrets12
          System Information Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          DLL Side-Loading          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          enai2.exe89%VirustotalBrowse
          enai2.exe87%ReversingLabsByteCode-MSIL.Backdoor.njRAT
          enai2.exe100%AviraTR/Dropper.Gen7
          enai2.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          6.tcp.eu.ngrok.io
          		52.28.247.255
          		truetrue
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            52.28.247.255
            		6.tcp.eu.ngrok.ioUnited States
            		16509AMAZON-02UStrue
            3.69.115.178
            		unknownUnited States
            		16509AMAZON-02UStrue

            General Information

            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1575640
            Start date and time:2024-12-16 07:36:12 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 50s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:6
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:enai2.exe
            Detection:MAL
            Classification:mal100.phis.troj.spyw.evad.winEXE@4/1@4/2
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 88
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption

            Warnings

            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtEnumerateKey calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            01:37:21API Interceptor1050682x Sleep call for process: enai2.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            52.28.247.255NYQbqD59m8.exeGet hashmaliciousNanocoreBrowse
              mhYCwt8wBz.exeGet hashmaliciousNjratBrowse
                592CDAD0A5B0AE90E0C812AECB2677096AF06CF941CE2.exeGet hashmaliciousNjratBrowse
                  U22p1GcCSb.exeGet hashmaliciousNjratBrowse
                    M5vARlA2c4.exeGet hashmaliciousNjratBrowse
                      1.exeGet hashmaliciousNjratBrowse
                        rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                          N1aqZIb7KG.exeGet hashmaliciousNjratBrowse
                            QsKtlzYaKF.exeGet hashmaliciousNjratBrowse
                              dKe1GfZOs1.exeGet hashmaliciousNjratBrowse
                                3.69.115.178NYQbqD59m8.exeGet hashmaliciousNanocoreBrowse
                                  ClientAny.exeGet hashmaliciousAsyncRAT, VenomRATBrowse
                                    1iZH7aeO5F.exeGet hashmaliciousNjratBrowse
                                      YTYyFVemXR.exeGet hashmaliciousNjratBrowse
                                        zyx3qItgQK.exeGet hashmaliciousNjratBrowse
                                          ziTLBa3N50.exeGet hashmaliciousNjratBrowse
                                            IsJb5hB84q.exeGet hashmaliciousNjratBrowse
                                              myidJB8lDL.exeGet hashmaliciousNjratBrowse
                                                rkIcS0Y2WY.exeGet hashmaliciousNjratBrowse
                                                  30b4CoDmKk.exeGet hashmaliciousNjratBrowse

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    6.tcp.eu.ngrok.ioaaa (3).exeGet hashmaliciousAsyncRATBrowse
                                                    • 3.66.38.117
                                                    NYQbqD59m8.exeGet hashmaliciousNanocoreBrowse
                                                    • 3.69.115.178
                                                    ClientAny.exeGet hashmaliciousAsyncRAT, VenomRATBrowse
                                                    • 3.69.115.178
                                                    1iZH7aeO5F.exeGet hashmaliciousNjratBrowse
                                                    • 3.68.171.119
                                                    mhYCwt8wBz.exeGet hashmaliciousNjratBrowse
                                                    • 3.68.171.119
                                                    592CDAD0A5B0AE90E0C812AECB2677096AF06CF941CE2.exeGet hashmaliciousNjratBrowse
                                                    • 52.28.247.255
                                                    U22p1GcCSb.exeGet hashmaliciousNjratBrowse
                                                    • 3.66.38.117
                                                    Client.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                    • 3.69.157.220
                                                    M5vARlA2c4.exeGet hashmaliciousNjratBrowse
                                                    • 3.68.171.119
                                                    YTYyFVemXR.exeGet hashmaliciousNjratBrowse
                                                    • 3.68.171.119

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    AMAZON-02USfern_wifi_recon%2.34.exeGet hashmaliciousMetasploitBrowse
                                                    • 3.6.115.64
                                                    Krishna33.exeGet hashmaliciousAsyncRATBrowse
                                                    • 13.215.170.190
                                                    aaa (3).exeGet hashmaliciousAsyncRATBrowse
                                                    • 3.68.171.119
                                                    anne.exeGet hashmaliciousAsyncRATBrowse
                                                    • 52.14.18.129
                                                    CrSpoofer.exeGet hashmaliciousAsyncRATBrowse
                                                    • 18.153.198.123
                                                    http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450Get hashmaliciousUnknownBrowse
                                                    • 18.224.21.137
                                                    arm5.elfGet hashmaliciousUnknownBrowse
                                                    • 35.164.31.57
                                                    arm.elfGet hashmaliciousUnknownBrowse
                                                    • 18.146.49.140
                                                    sh4.elfGet hashmaliciousUnknownBrowse
                                                    • 54.104.203.158
                                                    ppc.elfGet hashmaliciousUnknownBrowse
                                                    • 3.3.247.98
                                                    AMAZON-02USfern_wifi_recon%2.34.exeGet hashmaliciousMetasploitBrowse
                                                    • 3.6.115.64
                                                    Krishna33.exeGet hashmaliciousAsyncRATBrowse
                                                    • 13.215.170.190
                                                    aaa (3).exeGet hashmaliciousAsyncRATBrowse
                                                    • 3.68.171.119
                                                    anne.exeGet hashmaliciousAsyncRATBrowse
                                                    • 52.14.18.129
                                                    CrSpoofer.exeGet hashmaliciousAsyncRATBrowse
                                                    • 18.153.198.123
                                                    http://18.224.21.137/FFmnpShhHMMWeIqsVa2rJ69xinQlZ-7450Get hashmaliciousUnknownBrowse
                                                    • 18.224.21.137
                                                    arm5.elfGet hashmaliciousUnknownBrowse
                                                    • 35.164.31.57
                                                    arm.elfGet hashmaliciousUnknownBrowse
                                                    • 18.146.49.140
                                                    sh4.elfGet hashmaliciousUnknownBrowse
                                                    • 54.104.203.158
                                                    ppc.elfGet hashmaliciousUnknownBrowse
                                                    • 3.3.247.98

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    \Device\ConDrv

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\netsh.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):313
                                                    Entropy (8bit):4.971939296804078
                                                    Encrypted:false
                                                    SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                                    MD5:689E2126A85BF55121488295EE068FA1
                                                    SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                                    SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                                    SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):5.616675689934772
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                    • Windows Screen Saver (13104/52) 0.07%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    File name:enai2.exe
                                                    File size:32'256 bytes
                                                    MD5:a2d2fc6108063a466264a34e7c46c8a3
                                                    SHA1:ddab38e1dcf749d355bf63a0eb25ce844db1d880
                                                    SHA256:7812344ebb0aed20fb8cd932ad7c7c019dccb813956a1a5dd9f94bf6af82d50a
                                                    SHA512:2d34d5c75f2cdad94fa957c80d71f697b2fb9bd949e25d9035234c9c7a37f00fd8d92b3e7c17c84a2a65b9b4893f1336850722e4111244f2d70e0cc1eaa44145
                                                    SSDEEP:768:gjMXjwpJbb2zxxO56eqvPisfv8yQmIDUu0tiX7j:3kKdisvQVk+j
                                                    TLSH:86E22B6DFBEA4466D1BC0AB50571950017B8D103E523F77E4ECA24A62B2F3C84B88DF2
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L8e.................v............... ........@.. ....................................@................................

                                                    File Icon

                                                    Icon Hash:00928e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x40952e
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x65384C98 [Tue Oct 24 23:00:40 2023 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x94d40x57.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x240.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xc0000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000x75340x76001c932c326d31aa7ea1bfbb86cfb143b2False0.4817929025423729data5.65366602535279IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc0xa0000x2400x4005b346ed223699f15252c1fdad182859fFalse0.3134765625data4.968771659524424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0xc0000xc0x200d4534444f1c7793013f3b44642d6c22bFalse0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                    RT_MANIFEST0xa0580x1e7XML 1.0 document, ASCII text, with CRLF line terminators0.5338809034907598

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Network Behavior

                                                    Suricata IDS Alerts

                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                    2024-12-16T07:37:22.019406+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64973552.28.247.25514377TCP
                                                    2024-12-16T07:37:22.019406+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64973552.28.247.25514377TCP
                                                    2024-12-16T07:37:22.139156+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64973552.28.247.25514377TCP
                                                    2024-12-16T07:37:26.252891+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64974652.28.247.25514377TCP
                                                    2024-12-16T07:37:26.252891+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64974652.28.247.25514377TCP
                                                    2024-12-16T07:37:26.372919+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64974652.28.247.25514377TCP
                                                    2024-12-16T07:37:30.494607+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64976052.28.247.25514377TCP
                                                    2024-12-16T07:37:30.494607+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64976052.28.247.25514377TCP
                                                    2024-12-16T07:37:30.614494+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64976052.28.247.25514377TCP
                                                    2024-12-16T07:37:34.794477+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64977352.28.247.25514377TCP
                                                    2024-12-16T07:37:34.794477+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64977352.28.247.25514377TCP
                                                    2024-12-16T07:37:34.914729+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64977352.28.247.25514377TCP
                                                    2024-12-16T07:37:39.128068+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64978452.28.247.25514377TCP
                                                    2024-12-16T07:37:39.128068+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64978452.28.247.25514377TCP
                                                    2024-12-16T07:37:39.248027+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64978452.28.247.25514377TCP
                                                    2024-12-16T07:37:43.385238+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64979652.28.247.25514377TCP
                                                    2024-12-16T07:37:43.385238+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64979652.28.247.25514377TCP
                                                    2024-12-16T07:37:43.505521+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64979652.28.247.25514377TCP
                                                    2024-12-16T07:37:47.716893+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64980752.28.247.25514377TCP
                                                    2024-12-16T07:37:47.716893+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64980752.28.247.25514377TCP
                                                    2024-12-16T07:37:47.837118+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64980752.28.247.25514377TCP
                                                    2024-12-16T07:37:52.688211+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64981852.28.247.25514377TCP
                                                    2024-12-16T07:37:52.688211+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64981852.28.247.25514377TCP
                                                    2024-12-16T07:37:52.808159+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64981852.28.247.25514377TCP
                                                    2024-12-16T07:37:56.315332+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64982952.28.247.25514377TCP
                                                    2024-12-16T07:37:56.315332+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64982952.28.247.25514377TCP
                                                    2024-12-16T07:37:56.436301+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64982952.28.247.25514377TCP
                                                    2024-12-16T07:38:00.604090+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64983952.28.247.25514377TCP
                                                    2024-12-16T07:38:00.604090+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64983952.28.247.25514377TCP
                                                    2024-12-16T07:38:00.724097+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64983952.28.247.25514377TCP
                                                    2024-12-16T07:38:04.923440+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64985152.28.247.25514377TCP
                                                    2024-12-16T07:38:04.923440+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64985152.28.247.25514377TCP
                                                    2024-12-16T07:38:05.043247+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64985152.28.247.25514377TCP
                                                    2024-12-16T07:38:09.204336+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64986352.28.247.25514377TCP
                                                    2024-12-16T07:38:09.204336+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64986352.28.247.25514377TCP
                                                    2024-12-16T07:38:09.324539+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64986352.28.247.25514377TCP
                                                    2024-12-16T07:38:13.497091+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64987452.28.247.25514377TCP
                                                    2024-12-16T07:38:13.497091+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64987452.28.247.25514377TCP
                                                    2024-12-16T07:38:13.616888+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64987452.28.247.25514377TCP
                                                    2024-12-16T07:38:17.790272+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64988552.28.247.25514377TCP
                                                    2024-12-16T07:38:17.790272+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64988552.28.247.25514377TCP
                                                    2024-12-16T07:38:17.910099+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.64988552.28.247.25514377TCP
                                                    2024-12-16T07:38:22.316017+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64989652.28.247.25514377TCP
                                                    2024-12-16T07:38:22.316017+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64989652.28.247.25514377TCP
                                                    2024-12-16T07:38:26.624970+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64990752.28.247.25514377TCP
                                                    2024-12-16T07:38:26.624970+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64990752.28.247.25514377TCP
                                                    2024-12-16T07:38:30.908776+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64991952.28.247.25514377TCP
                                                    2024-12-16T07:38:30.908776+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64991952.28.247.25514377TCP
                                                    2024-12-16T07:38:35.076133+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64992652.28.247.25514377TCP
                                                    2024-12-16T07:38:35.076133+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64992652.28.247.25514377TCP
                                                    2024-12-16T07:38:39.166950+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64993652.28.247.25514377TCP
                                                    2024-12-16T07:38:39.166950+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64993652.28.247.25514377TCP
                                                    2024-12-16T07:38:43.093397+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64994752.28.247.25514377TCP
                                                    2024-12-16T07:38:43.093397+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64994752.28.247.25514377TCP
                                                    2024-12-16T07:38:46.911949+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64995852.28.247.25514377TCP
                                                    2024-12-16T07:38:46.911949+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64995852.28.247.25514377TCP
                                                    2024-12-16T07:38:50.728260+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64996552.28.247.25514377TCP
                                                    2024-12-16T07:38:50.728260+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64996552.28.247.25514377TCP
                                                    2024-12-16T07:38:54.267132+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64997552.28.247.25514377TCP
                                                    2024-12-16T07:38:54.267132+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64997552.28.247.25514377TCP
                                                    2024-12-16T07:38:57.805382+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64998652.28.247.25514377TCP
                                                    2024-12-16T07:38:57.805382+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64998652.28.247.25514377TCP
                                                    2024-12-16T07:39:01.251579+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.64999352.28.247.25514377TCP
                                                    2024-12-16T07:39:01.251579+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.64999352.28.247.25514377TCP
                                                    2024-12-16T07:39:04.658713+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65000352.28.247.25514377TCP
                                                    2024-12-16T07:39:04.658713+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65000352.28.247.25514377TCP
                                                    2024-12-16T07:39:07.962784+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65001152.28.247.25514377TCP
                                                    2024-12-16T07:39:07.962784+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65001152.28.247.25514377TCP
                                                    2024-12-16T07:39:11.192273+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65001652.28.247.25514377TCP
                                                    2024-12-16T07:39:11.192273+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65001652.28.247.25514377TCP
                                                    2024-12-16T07:39:14.596051+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65001752.28.247.25514377TCP
                                                    2024-12-16T07:39:14.596051+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65001752.28.247.25514377TCP
                                                    2024-12-16T07:39:17.528374+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65001852.28.247.25514377TCP
                                                    2024-12-16T07:39:17.528374+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65001852.28.247.25514377TCP
                                                    2024-12-16T07:39:20.589773+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65001952.28.247.25514377TCP
                                                    2024-12-16T07:39:20.589773+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65001952.28.247.25514377TCP
                                                    2024-12-16T07:39:23.833106+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500203.69.115.17814377TCP
                                                    2024-12-16T07:39:23.833106+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500203.69.115.17814377TCP
                                                    2024-12-16T07:39:27.010944+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500213.69.115.17814377TCP
                                                    2024-12-16T07:39:27.010944+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500213.69.115.17814377TCP
                                                    2024-12-16T07:39:29.866409+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500223.69.115.17814377TCP
                                                    2024-12-16T07:39:29.866409+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500223.69.115.17814377TCP
                                                    2024-12-16T07:39:32.769172+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500233.69.115.17814377TCP
                                                    2024-12-16T07:39:32.769172+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500233.69.115.17814377TCP
                                                    2024-12-16T07:39:35.734537+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500243.69.115.17814377TCP
                                                    2024-12-16T07:39:35.734537+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500243.69.115.17814377TCP
                                                    2024-12-16T07:39:38.544452+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500253.69.115.17814377TCP
                                                    2024-12-16T07:39:38.544452+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500253.69.115.17814377TCP
                                                    2024-12-16T07:39:41.323271+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500263.69.115.17814377TCP
                                                    2024-12-16T07:39:41.323271+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500263.69.115.17814377TCP
                                                    2024-12-16T07:39:44.072514+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500273.69.115.17814377TCP
                                                    2024-12-16T07:39:44.072514+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500273.69.115.17814377TCP
                                                    2024-12-16T07:39:46.780185+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500283.69.115.17814377TCP
                                                    2024-12-16T07:39:46.780185+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500283.69.115.17814377TCP
                                                    2024-12-16T07:39:49.520075+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500293.69.115.17814377TCP
                                                    2024-12-16T07:39:49.520075+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500293.69.115.17814377TCP
                                                    2024-12-16T07:39:52.234821+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500303.69.115.17814377TCP
                                                    2024-12-16T07:39:52.234821+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500303.69.115.17814377TCP
                                                    2024-12-16T07:39:55.066550+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500313.69.115.17814377TCP
                                                    2024-12-16T07:39:55.066550+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500313.69.115.17814377TCP
                                                    2024-12-16T07:39:57.822242+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500323.69.115.17814377TCP
                                                    2024-12-16T07:39:57.822242+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500323.69.115.17814377TCP
                                                    2024-12-16T07:40:00.458878+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500333.69.115.17814377TCP
                                                    2024-12-16T07:40:00.458878+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500333.69.115.17814377TCP
                                                    2024-12-16T07:40:02.720846+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500343.69.115.17814377TCP
                                                    2024-12-16T07:40:02.720846+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500343.69.115.17814377TCP
                                                    2024-12-16T07:40:05.251224+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500353.69.115.17814377TCP
                                                    2024-12-16T07:40:05.251224+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500353.69.115.17814377TCP
                                                    2024-12-16T07:40:07.782227+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500363.69.115.17814377TCP
                                                    2024-12-16T07:40:07.782227+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500363.69.115.17814377TCP
                                                    2024-12-16T07:40:10.296580+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500373.69.115.17814377TCP
                                                    2024-12-16T07:40:10.296580+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500373.69.115.17814377TCP
                                                    2024-12-16T07:40:12.813666+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500383.69.115.17814377TCP
                                                    2024-12-16T07:40:12.813666+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500383.69.115.17814377TCP
                                                    2024-12-16T07:40:15.305348+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500393.69.115.17814377TCP
                                                    2024-12-16T07:40:15.305348+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500393.69.115.17814377TCP
                                                    2024-12-16T07:40:17.796953+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500413.69.115.17814377TCP
                                                    2024-12-16T07:40:17.796953+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500413.69.115.17814377TCP
                                                    2024-12-16T07:40:20.246577+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500423.69.115.17814377TCP
                                                    2024-12-16T07:40:20.246577+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500423.69.115.17814377TCP
                                                    2024-12-16T07:40:22.717837+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.6500433.69.115.17814377TCP
                                                    2024-12-16T07:40:22.717837+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.6500433.69.115.17814377TCP
                                                    2024-12-16T07:40:25.399068+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65004452.28.247.25514377TCP
                                                    2024-12-16T07:40:25.399068+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65004452.28.247.25514377TCP
                                                    2024-12-16T07:40:27.859090+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65004552.28.247.25514377TCP
                                                    2024-12-16T07:40:27.859090+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65004552.28.247.25514377TCP
                                                    2024-12-16T07:40:30.276360+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65004652.28.247.25514377TCP
                                                    2024-12-16T07:40:30.276360+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65004652.28.247.25514377TCP
                                                    2024-12-16T07:40:32.688072+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65004752.28.247.25514377TCP
                                                    2024-12-16T07:40:32.688072+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65004752.28.247.25514377TCP
                                                    2024-12-16T07:40:35.090228+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65004852.28.247.25514377TCP
                                                    2024-12-16T07:40:35.090228+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65004852.28.247.25514377TCP
                                                    2024-12-16T07:40:37.494780+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65004952.28.247.25514377TCP
                                                    2024-12-16T07:40:37.494780+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65004952.28.247.25514377TCP
                                                    2024-12-16T07:40:39.872313+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005052.28.247.25514377TCP
                                                    2024-12-16T07:40:39.872313+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005052.28.247.25514377TCP
                                                    2024-12-16T07:40:42.284538+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005152.28.247.25514377TCP
                                                    2024-12-16T07:40:42.284538+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005152.28.247.25514377TCP
                                                    2024-12-16T07:40:44.669327+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005252.28.247.25514377TCP
                                                    2024-12-16T07:40:44.669327+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005252.28.247.25514377TCP
                                                    2024-12-16T07:40:47.042528+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005352.28.247.25514377TCP
                                                    2024-12-16T07:40:47.042528+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005352.28.247.25514377TCP
                                                    2024-12-16T07:40:49.469872+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005452.28.247.25514377TCP
                                                    2024-12-16T07:40:49.469872+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005452.28.247.25514377TCP
                                                    2024-12-16T07:40:51.863122+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005552.28.247.25514377TCP
                                                    2024-12-16T07:40:51.863122+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005552.28.247.25514377TCP
                                                    2024-12-16T07:40:54.215685+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005652.28.247.25514377TCP
                                                    2024-12-16T07:40:54.215685+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005652.28.247.25514377TCP
                                                    2024-12-16T07:40:56.576373+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005752.28.247.25514377TCP
                                                    2024-12-16T07:40:56.576373+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005752.28.247.25514377TCP
                                                    2024-12-16T07:40:58.937692+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005852.28.247.25514377TCP
                                                    2024-12-16T07:40:58.937692+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005852.28.247.25514377TCP
                                                    2024-12-16T07:41:01.282080+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65005952.28.247.25514377TCP
                                                    2024-12-16T07:41:01.282080+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65005952.28.247.25514377TCP
                                                    2024-12-16T07:41:03.656716+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006052.28.247.25514377TCP
                                                    2024-12-16T07:41:03.656716+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006052.28.247.25514377TCP
                                                    2024-12-16T07:41:05.993366+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006152.28.247.25514377TCP
                                                    2024-12-16T07:41:05.993366+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006152.28.247.25514377TCP
                                                    2024-12-16T07:41:08.347231+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006252.28.247.25514377TCP
                                                    2024-12-16T07:41:08.347231+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006252.28.247.25514377TCP
                                                    2024-12-16T07:41:10.697390+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006352.28.247.25514377TCP
                                                    2024-12-16T07:41:10.697390+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006352.28.247.25514377TCP
                                                    2024-12-16T07:41:13.028087+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006452.28.247.25514377TCP
                                                    2024-12-16T07:41:13.028087+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006452.28.247.25514377TCP
                                                    2024-12-16T07:41:15.607244+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006552.28.247.25514377TCP
                                                    2024-12-16T07:41:15.607244+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006552.28.247.25514377TCP
                                                    2024-12-16T07:41:18.170368+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.65006652.28.247.25514377TCP
                                                    2024-12-16T07:41:18.170368+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.65006652.28.247.25514377TCP
                                                    2024-12-16T07:41:18.290459+01002838486ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf)1192.168.2.65006652.28.247.25514377TCP

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Dec 16, 2024 07:37:21.702095032 CET4973514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:21.821912050 CET143774973552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:21.822001934 CET4973514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:22.019406080 CET4973514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:22.139091969 CET143774973552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:22.139156103 CET4973514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:22.258889914 CET143774973552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:24.037781000 CET143774973552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:24.037895918 CET4973514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:26.047148943 CET4973514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:26.048430920 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:26.167391062 CET143774973552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:26.168395996 CET143774974652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:26.168473005 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:26.252891064 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:26.372819901 CET143774974652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:26.372919083 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:26.492753029 CET143774974652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:27.234622002 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:27.359299898 CET143774974652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:28.337735891 CET143774974652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:28.337805033 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:30.343177080 CET4974614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:30.344141960 CET4976014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:30.462894917 CET143774974652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:30.463840961 CET143774976052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:30.463920116 CET4976014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:30.494606972 CET4976014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:30.614433050 CET143774976052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:30.614494085 CET4976014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:30.734201908 CET143774976052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:32.633562088 CET143774976052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:32.633660078 CET4976014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:34.640635967 CET4976014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:34.642638922 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:34.760509014 CET143774976052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:34.762384892 CET143774977352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:34.762504101 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:34.794476986 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:34.914657116 CET143774977352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:34.914729118 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:35.034415960 CET143774977352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:35.371637106 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:35.491527081 CET143774977352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:36.931843042 CET143774977352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:36.931921959 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:38.936815023 CET4977314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:38.938422918 CET4978414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:39.056817055 CET143774977352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:39.058455944 CET143774978452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:39.058520079 CET4978414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:39.128067970 CET4978414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:39.247975111 CET143774978452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:39.248027086 CET4978414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:39.367717028 CET143774978452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:41.228509903 CET143774978452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:41.228570938 CET4978414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.233995914 CET4978414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.235115051 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.353734016 CET143774978452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:43.354868889 CET143774979652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:43.355005026 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.385237932 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.505378962 CET143774979652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:43.505521059 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.625432968 CET143774979652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:43.628602028 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:43.748879910 CET143774979652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:45.524571896 CET143774979652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:45.524673939 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:47.551055908 CET4979614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:47.552026033 CET4980714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:47.671080112 CET143774979652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:47.672116041 CET143774980752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:47.672195911 CET4980714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:47.716892958 CET4980714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:47.836990118 CET143774980752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:47.837117910 CET4980714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:47.957125902 CET143774980752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:49.851485968 CET143774980752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:49.851581097 CET4980714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:51.858937979 CET4980714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:51.860265017 CET4981814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:51.978992939 CET143774980752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:51.980078936 CET143774981852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:51.980200052 CET4981814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:52.688210964 CET4981814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:52.808104992 CET143774981852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:52.808159113 CET4981814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:52.928057909 CET143774981852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:54.150506973 CET143774981852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:54.150572062 CET4981814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:56.155740023 CET4981814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:56.156605959 CET4982914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:56.276035070 CET143774981852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:56.276629925 CET143774982952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:56.276751995 CET4982914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:56.315331936 CET4982914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:56.436225891 CET143774982952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:56.436300993 CET4982914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:37:56.557147980 CET143774982952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:58.447848082 CET143774982952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:37:58.447937965 CET4982914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:00.452716112 CET4982914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:00.454463005 CET4983914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:00.572824001 CET143774982952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:00.574301004 CET143774983952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:00.575144053 CET4983914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:00.604089975 CET4983914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:00.723984957 CET143774983952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:00.724097013 CET4983914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:00.844078064 CET143774983952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:02.743633986 CET143774983952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:02.743699074 CET4983914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:04.749547005 CET4983914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:04.750782013 CET4985114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:04.869273901 CET143774983952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:04.870446920 CET143774985152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:04.870543957 CET4985114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:04.923439980 CET4985114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:05.043152094 CET143774985152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:05.043246984 CET4985114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:05.163136005 CET143774985152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:07.039499998 CET143774985152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:07.039551973 CET4985114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:09.046557903 CET4985114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:09.047633886 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:09.166341066 CET143774985152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:09.167481899 CET143774986352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:09.167571068 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:09.204335928 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:09.324407101 CET143774986352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:09.324538946 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:09.444372892 CET143774986352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:11.156878948 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:11.276912928 CET143774986352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:11.338229895 CET143774986352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:11.338346958 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:13.343154907 CET4986314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:13.344512939 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:13.462877989 CET143774986352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:13.464304924 CET143774987452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:13.464459896 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:13.497091055 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:13.616800070 CET143774987452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:13.616888046 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:13.736598969 CET143774987452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:15.421618938 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:15.541316032 CET143774987452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:15.638111115 CET143774987452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:15.638293028 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:17.640130997 CET4987414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:17.641333103 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:17.760915041 CET143774987452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:17.761540890 CET143774988552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:17.761661053 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:17.790271997 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:17.910017967 CET143774988552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:17.910099030 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:18.029795885 CET143774988552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:18.029938936 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:18.149698973 CET143774988552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:19.933240891 CET143774988552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:19.933325052 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:21.937061071 CET4988514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:22.056777000 CET143774988552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:22.157675028 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:22.277410030 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:22.277509928 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:22.316016912 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:22.435787916 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:22.435884953 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:22.555761099 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:22.897034883 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.016789913 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.016937017 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.136899948 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.137053013 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.256762981 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.256932020 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.376663923 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.376761913 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.496567965 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.496953964 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.616837978 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.619609118 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.739553928 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.744678974 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.864562988 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.865566015 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:23.985755920 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:23.985846043 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:24.106009007 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:24.106101990 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:24.226092100 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:24.226958036 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:24.346776009 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:24.346869946 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:24.450051069 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:24.450858116 CET4989614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:24.466747046 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:24.570554972 CET143774989652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:26.454251051 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:26.574004889 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:26.574095011 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:26.624969959 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:26.744781971 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:26.744911909 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:26.864641905 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:26.864758015 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:26.986037016 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:26.986193895 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.108129978 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.108392000 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.229213953 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.229376078 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.349186897 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.349280119 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.468946934 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.469155073 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.588946104 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.590697050 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.710427999 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.711157084 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.831192970 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.834884882 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:27.954710960 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:27.956602097 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.076489925 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.076584101 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.196505070 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.200656891 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.320451975 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.320554972 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.440242052 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.440366030 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.560198069 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.560421944 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.723630905 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.723771095 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.747997999 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.748099089 CET4990714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:28.843579054 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:28.867911100 CET143774990752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:30.751017094 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:30.870913982 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:30.871005058 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:30.908776045 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.028484106 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.028587103 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.148391008 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.148497105 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.268301964 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.268388987 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.388294935 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.388375998 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.508128881 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.508207083 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.627903938 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.627988100 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.747788906 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.748639107 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.868485928 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.868582964 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:31.988392115 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:31.988634109 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.108556986 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.108825922 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.298183918 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.298183918 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.359184980 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.360178947 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.431325912 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.431334019 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.431564093 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.479854107 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.552639008 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.552846909 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.672636032 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.672873020 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.792541027 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.845201969 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:32.965778112 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:32.965862036 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:33.041769028 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:33.041912079 CET4991914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:33.085798979 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:33.162174940 CET143774991952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:34.922944069 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.042663097 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.042752028 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.076133013 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.195856094 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.195914030 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.315640926 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.315713882 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.435468912 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.435539007 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.555773020 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.555869102 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.675638914 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.675792933 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.795567036 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.795667887 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:35.915501118 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:35.915580988 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.035347939 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.036616087 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.156326056 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.156599045 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.276326895 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.278975964 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.398695946 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.398778915 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.518532038 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.520617008 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.640518904 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.640630960 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.760442972 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.760543108 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:36.880331039 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:36.880460024 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:37.000298023 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:37.000386953 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:37.120285988 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:37.120414972 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:37.240144014 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:37.240216017 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:37.248058081 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:37.248111010 CET4992614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:37.360007048 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:37.367716074 CET143774992652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.001492023 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.121438980 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.121694088 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.166949987 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.286626101 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.286828995 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.406512022 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.406636000 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.526309967 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.526474953 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.646245003 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.646356106 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.766170979 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.766256094 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:39.886055946 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:39.888662100 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.008466959 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.008594990 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.128295898 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.128669977 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.248425007 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.248630047 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.368560076 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.372637033 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.492338896 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.492434978 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.612185001 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.612256050 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.731990099 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.732131004 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.851937056 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.852070093 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:40.971856117 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:40.972141981 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:41.091926098 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:41.092048883 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:41.213289022 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:41.213356972 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:41.297408104 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:41.297472954 CET4993614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:41.333142996 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:41.417344093 CET143774993652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:42.938292980 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.058056116 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.058149099 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.093396902 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.213187933 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.213298082 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.333070993 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.333148003 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.452877045 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.452974081 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.572678089 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.572783947 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.744138002 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.744138002 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.874345064 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.945288897 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.946795940 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:43.949796915 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.949806929 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.994242907 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:43.994775057 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.066770077 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.066778898 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.066898108 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.114675045 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.114772081 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.186551094 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.186712980 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.234575033 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.234720945 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.306385040 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.306619883 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.354561090 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.358844995 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.426434040 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.426558971 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.478831053 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.479198933 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.552501917 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.552593946 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.599087000 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.599169016 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.672426939 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.672600031 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.718902111 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.718991995 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.792450905 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.792546034 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.838762999 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.838843107 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.912341118 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.912406921 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:44.958583117 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:44.958642960 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:45.032233953 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.032351017 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:45.078473091 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.078567028 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:45.152290106 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.152359962 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:45.198390007 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.198452950 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:45.230674982 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.230740070 CET4994714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:45.272192955 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.318389893 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:45.350498915 CET143774994752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:46.751101017 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:46.870990992 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:46.871201992 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:46.911948919 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.031641006 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.031785011 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.151565075 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.151676893 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.271451950 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.271547079 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.391377926 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.391475916 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.511437893 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.511724949 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.631395102 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.647649050 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.767442942 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.767523050 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:47.887276888 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:47.887332916 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.007229090 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.007428885 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.127295971 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.127379894 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.247243881 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.247339964 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.367125034 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.367247105 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.486928940 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.487034082 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.610299110 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.611195087 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.730989933 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.731539965 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:48.852272034 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:48.852669954 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:49.015100002 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:49.015199900 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:49.045286894 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:49.045347929 CET4995814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:49.135065079 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:49.165169001 CET143774995852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:50.493315935 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:50.613107920 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:50.613195896 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:50.728260040 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:50.847898960 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:50.847982883 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:50.967685938 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:50.967756033 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.087579012 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.087704897 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.207459927 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.207586050 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.327280045 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.327366114 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.447087049 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.447221041 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.566927910 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.566998005 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.686631918 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.686867952 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.806551933 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.808669090 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:51.928409100 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:51.928575993 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.048357010 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.048624039 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.168379068 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.168651104 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.288639069 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.292637110 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.412406921 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.412633896 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.532448053 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.532540083 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.652261019 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.652390957 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.772209883 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.772280931 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.779392004 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.779448032 CET4996514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:52.892013073 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:52.899156094 CET143774996552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.110666990 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.230667114 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.230781078 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.267132044 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.386924028 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.387065887 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.506772995 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.506866932 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.626605988 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.626694918 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.746591091 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.746772051 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.866579056 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.866653919 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:54.986402988 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:54.986574888 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.106374025 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.106513023 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.226423979 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.226526022 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.346390963 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.346482038 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.466254950 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.466382027 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.586173058 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.586297035 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.706268072 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.706357002 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.826189995 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.828699112 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:55.948539972 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:55.948663950 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:56.068527937 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:56.068630934 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:56.188416958 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:56.188667059 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:56.351181030 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:56.352691889 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:56.405447006 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:56.405639887 CET4997514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:56.472523928 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:56.525336981 CET143774997552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:57.643271923 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:57.763227940 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:57.764621019 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:57.805382013 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:57.925112009 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:57.925173998 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.045006037 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.046411991 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.166290045 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.167748928 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.287501097 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.287729979 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.407682896 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.408641100 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.528511047 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.528608084 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.648466110 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.648559093 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.768394947 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.768563986 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:58.888442039 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:58.888674974 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.008464098 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.008560896 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.128287077 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.128385067 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.248603106 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.248732090 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.368499041 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.368676901 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.488492966 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.488569021 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.608501911 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.608617067 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.728503942 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.728828907 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.848761082 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.852726936 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.934163094 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:38:59.936657906 CET4998614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:38:59.972590923 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:00.056616068 CET143774998652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.096388102 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.216617107 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.216793060 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.251579046 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.371428013 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.371566057 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.492726088 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.492815971 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.612524986 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.612600088 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.732275009 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.732340097 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.852031946 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.852103949 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:01.972440958 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:01.972522020 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.092170000 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.092386961 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.213145018 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.213258982 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.334105015 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.334198952 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.453958035 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.454086065 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.574424982 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.574491978 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.694176912 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.694252014 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.813868046 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.816631079 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:02.936608076 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:02.940654039 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:03.060384035 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:03.060662985 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:03.180331945 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:03.180655003 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:03.300446033 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:03.300637960 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:03.389585972 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:03.392647982 CET4999314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:03.420360088 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:03.512470961 CET143774999352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:04.486649036 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:04.606339931 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:04.606419086 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:04.658713102 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:04.778556108 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:04.778646946 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:04.898448944 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:04.898529053 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.018383026 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.018466949 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.141446114 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.141550064 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.261382103 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.263032913 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.387504101 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.391069889 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.516021013 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.517987013 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.640614033 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.640701056 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.761071920 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.761167049 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:05.880875111 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:05.880945921 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.000632048 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.000710011 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.120498896 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.120594978 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.240377903 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.243202925 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.363051891 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.363229990 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.482975006 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.484694958 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.605189085 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.605267048 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.725116968 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.726533890 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.778630972 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.780611992 CET5000314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:06.846282005 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:06.900279045 CET143775000352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:07.800640106 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:07.921523094 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:07.921833038 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:07.962784052 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.082839012 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.086761951 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.206427097 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.206945896 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.326754093 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.328746080 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.448436975 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.448755026 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.568442106 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.568530083 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.688266993 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.688324928 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.808073044 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.808135986 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:08.928126097 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:08.928195953 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.047950029 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.048038006 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.167752028 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.167901039 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.287681103 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.287895918 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.407632113 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.407902956 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.527580023 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.527844906 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.647572994 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.648854017 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.768543959 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.768696070 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:09.888500929 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:09.890798092 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:10.051223993 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:10.056366920 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:10.092554092 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:10.093229055 CET5001114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:10.176162004 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:10.213017941 CET143775001152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.034586906 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.156128883 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.156243086 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.192272902 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.311964989 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.312051058 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.431816101 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.431898117 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.551691055 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.551834106 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.671751976 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.671838999 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.791673899 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.791752100 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:11.911573887 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:11.911690950 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.031436920 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.031577110 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.151439905 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.151541948 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.271389961 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.271490097 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.391421080 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.391526937 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.511353016 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.511482954 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.631371975 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.631464958 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.751290083 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.751429081 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.871193886 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.871294975 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:12.993021011 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:12.993155956 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:13.112890959 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:13.112994909 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:13.275435925 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:13.275582075 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:13.360200882 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:13.360272884 CET5001614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:13.395456076 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:13.479984999 CET143775001652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:14.251002073 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:14.370776892 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:14.370935917 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:14.596050978 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:14.715856075 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:14.718697071 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:14.838469982 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:14.839287996 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:14.959005117 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:14.963323116 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.083069086 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.083148956 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.202866077 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.206767082 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.326546907 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.326632023 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.446389914 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.448682070 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.568454027 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.568747044 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.688919067 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.689038038 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.811362982 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.811506033 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:15.931238890 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:15.931386948 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.051074028 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.051254034 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.170869112 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.170958996 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.290786028 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.290883064 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.410590887 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.410712004 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.530440092 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.530502081 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.554685116 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.554749012 CET5001714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:16.650154114 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:16.674393892 CET143775001752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:17.376121998 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:17.495979071 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:17.496082067 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:17.528373957 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:17.648211956 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:17.651153088 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:17.771194935 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:17.771284103 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:17.890969992 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:17.891230106 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.011007071 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.011337996 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.131128073 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.131208897 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.251060009 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.251143932 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.370970011 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.371062040 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.490797043 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.490885973 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.610553026 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.610698938 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.733100891 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.733263969 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.934983015 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.934983015 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:18.956020117 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:18.956120968 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.054852009 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.054951906 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.054968119 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.077003002 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.077071905 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.174791098 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.174887896 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.196789026 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.294769049 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.294852018 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.414804935 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.414942026 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.535027981 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.535162926 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.655098915 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.655267954 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.673465014 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.675093889 CET5001814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:19.775062084 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:19.794826031 CET143775001852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:20.438225985 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:20.558079004 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:20.560688972 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:20.589772940 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:20.709641933 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:20.709722042 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:20.830612898 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:20.830744982 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:20.950392962 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:20.950645924 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.070511103 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.070625067 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.190463066 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.190550089 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.310519934 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.310663939 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.431051016 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.431139946 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.551142931 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.551218033 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.671041965 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.671108007 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.790868998 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.790972948 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:21.910671949 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:21.912434101 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.032185078 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.032315016 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.152100086 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.152679920 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.272495985 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.274735928 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.394505978 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.394743919 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.514477968 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.514580965 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.675216913 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.675333977 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.734460115 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.734541893 CET5001914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:39:22.795114994 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:22.854264021 CET143775001952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:39:23.681154966 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:23.801245928 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:23.801326990 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:23.833106041 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:23.952915907 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:23.953089952 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.072954893 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.073132992 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.193280935 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.193449020 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.313288927 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.313399076 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.433903933 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.434020042 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.553837061 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.554085016 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.673825026 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.673934937 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.793760061 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.793967962 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:24.913707018 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:24.913786888 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.033869982 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.033957958 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.154453993 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.154517889 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.274260998 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.274370909 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.394562960 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.394697905 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.514597893 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.514692068 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.635010958 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.635288000 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.755152941 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.756711960 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.876600981 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.880742073 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:25.983808041 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:25.984693050 CET5002014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:26.000658989 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:26.104382992 CET14377500203.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:26.714576960 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:26.834398985 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:26.834527016 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.010943890 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.130635023 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.130705118 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.250355005 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.250507116 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.370219946 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.370419979 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.490194082 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.490283966 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.609992981 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.610049963 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.730470896 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.730535984 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.850332975 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.850430012 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:27.970130920 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:27.970237017 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.090056896 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.090248108 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.210072041 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.210180998 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.330013990 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.330116987 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.450001955 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.450115919 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.569963932 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.570187092 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.690001011 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.690100908 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.809947014 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.810152054 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:28.930016994 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:28.930288076 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:29.077749968 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:29.077841043 CET5002114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:29.197624922 CET14377500213.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:29.704360008 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:29.824167013 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:29.824266911 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:29.866409063 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:29.986105919 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:29.986255884 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.105978012 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.106069088 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.225873947 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.225964069 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.345768929 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.345892906 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.465791941 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.465914965 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.586034060 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.586113930 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.705883026 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.708707094 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.828495026 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.828622103 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:30.948627949 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:30.951617002 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.071408033 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.075455904 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.195388079 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.199827909 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.319714069 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.322747946 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.442737103 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.442837954 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.562541008 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.564682007 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.684457064 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.684716940 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.804415941 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.804538965 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:31.967328072 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:31.967490911 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:32.015820026 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:32.015908957 CET5002214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:32.087333918 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:32.135550976 CET14377500223.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:32.611351013 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:32.734724998 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:32.734812975 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:32.769171953 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:32.889014006 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:32.889147043 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.008936882 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.009047985 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.128845930 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.129039049 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.250250101 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.250340939 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.371993065 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.372160912 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.493612051 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.493751049 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.613805056 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.613886118 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.734826088 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.734915018 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.854881048 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.854970932 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:33.974777937 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:33.975019932 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.094752073 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.094985008 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.215373039 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.215600014 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.335412979 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.335540056 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.455415010 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.455620050 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.575508118 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.575607061 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.695750952 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.695972919 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:34.815774918 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:34.815924883 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.027498960 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.027540922 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.027582884 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.124392986 CET5002314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.148299932 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.244427919 CET14377500233.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.579453945 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.699484110 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.699583054 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.734536886 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.854830980 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.854979992 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:35.974699974 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:35.974809885 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.094552994 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.094701052 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.214386940 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.214534998 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.335206032 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.335352898 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.455020905 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.455120087 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.574779987 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.574899912 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.694602966 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.694693089 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.814573050 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.814646006 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:36.934302092 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:36.934379101 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.054016113 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.054116011 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.174657106 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.174751997 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.294418097 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.294570923 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.414247990 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.414319992 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.534082890 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.534157991 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.653909922 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.654023886 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.773943901 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.776688099 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.874572992 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.874644995 CET5002414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:37.896384954 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:37.994375944 CET14377500243.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:38.391345978 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:38.511066914 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:38.512692928 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:38.544451952 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:38.664129972 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:38.664206028 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:38.784636021 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:38.784717083 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:38.905881882 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:38.905972004 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.028316975 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.028404951 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.148209095 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.148288965 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.268007040 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.268136024 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.388647079 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.388809919 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.508567095 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.508677006 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.628632069 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.628760099 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.748800993 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.748917103 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.868721008 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.868817091 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:39.988765001 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:39.991676092 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.111686945 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.114897966 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.234790087 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.235527992 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.355587959 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.358757973 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.478528023 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.478888035 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.599679947 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.603504896 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.687782049 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.691171885 CET5002514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:40.723193884 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:40.810895920 CET14377500253.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.173724890 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.293481112 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.293593884 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.323271036 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.442955017 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.443070889 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.562839031 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.562963963 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.682693005 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.682760954 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.802500963 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.802613020 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:41.922337055 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:41.922420979 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.042260885 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.043461084 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.163341999 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.167093992 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.286933899 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.289458990 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.409219027 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.410835028 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.532099962 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.535461903 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.655184984 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.656682014 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.776515961 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.776611090 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:42.899384975 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:42.899461985 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:43.019119978 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.019191980 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:43.139010906 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.139082909 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:43.258799076 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.258893967 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:43.378699064 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.378909111 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:43.469079971 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.469151020 CET5002614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:43.498613119 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.588783979 CET14377500263.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:43.922662020 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.042429924 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.042534113 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.072514057 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.192272902 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.194842100 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.314657927 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.316741943 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.436455965 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.436752081 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.556510925 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.556715012 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.676572084 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.676681042 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.796391964 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.796521902 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:44.916297913 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:44.916383982 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.036137104 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.036221027 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.156006098 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.156075954 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.275882959 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.275969028 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.395742893 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.395879030 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.515645981 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.515779018 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.635581970 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.635725021 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.755436897 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.755541086 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.875240088 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.875361919 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:45.995218039 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:45.995732069 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:46.115508080 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:46.119379044 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:46.202214956 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:46.203603983 CET5002714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:46.240098953 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:46.323445082 CET14377500273.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:46.626327991 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:46.746006012 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:46.746115923 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:46.780184984 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:46.899882078 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:46.899971962 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.019689083 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.019774914 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.140151978 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.140225887 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.259965897 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.260119915 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.380117893 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.380240917 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.500103951 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.500216961 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.619957924 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.620059013 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.740214109 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.740339041 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.860024929 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.860269070 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:47.980670929 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:47.980762959 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.112158060 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.112709999 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.232403040 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.232688904 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.352380037 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.352693081 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.472338915 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.474950075 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.594753981 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.596714973 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.716547012 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.716756105 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.836488962 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.836564064 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.937927008 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:48.938039064 CET5002814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:48.956207991 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:49.057785034 CET14377500283.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:49.329685926 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:49.449366093 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:49.449444056 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:49.520075083 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:49.639751911 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:49.639818907 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:49.759974003 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:49.760709047 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:49.880389929 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:49.880476952 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.000233889 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.000338078 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.120414019 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.120537043 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.240421057 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.242811918 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.362796068 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.366919994 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.486706972 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.486864090 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.606636047 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.606724024 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.726389885 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.726484060 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.846288919 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.846419096 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:50.967133045 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:50.967396975 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.087146044 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.087308884 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.207047939 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.207206011 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.326992035 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.327091932 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.446957111 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.447108030 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.611269951 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.611341000 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.628402948 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.628463984 CET5002914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:51.731095076 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:51.748161077 CET14377500293.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.002743959 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.206540108 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.206650972 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.234821081 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.354584932 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.354767084 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.474560022 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.474637032 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.594386101 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.594587088 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.714346886 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.714505911 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.834314108 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.834455967 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:52.954257011 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:52.954330921 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.074673891 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.074799061 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.194729090 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.194910049 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.314722061 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.314836025 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.435718060 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.435869932 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.556149006 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.556260109 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.676084995 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.676162958 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.795919895 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.796001911 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:53.915714979 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:53.915832996 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:54.035547972 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.036823034 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:54.157639027 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.157780886 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:54.278373003 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.278522015 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:54.377002001 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.380738974 CET5003014377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:54.399400949 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.500678062 CET14377500303.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.758445978 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:54.878211975 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:54.878353119 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.066550016 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.186223984 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.186295986 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.305990934 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.306082964 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.425885916 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.426038027 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.546153069 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.546381950 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.666172028 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.666285038 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.786047935 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.788835049 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:55.909708977 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:55.912775993 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.032541990 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.032644987 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.152259111 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.152487040 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.272252083 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.272686005 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.392359972 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.392540932 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.514839888 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.514920950 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.634620905 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.634845018 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.754723072 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.755450964 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.875411034 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.875756979 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:56.995856047 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:56.995982885 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:57.049076080 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:57.049182892 CET5003114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:57.115824938 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:57.168988943 CET14377500313.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:57.382900953 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:57.502887011 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:57.505644083 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:57.822242022 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:57.942398071 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:57.942482948 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.062180042 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.062258005 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.181973934 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.182069063 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.315265894 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.315349102 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.435206890 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.435307026 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.555234909 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.555320024 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.675106049 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.675246954 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.795056105 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.796727896 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:58.916436911 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:58.916769028 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.036487103 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.036585093 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.156338930 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.156446934 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.276376009 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.276513100 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.396301031 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.396384001 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.516120911 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.516208887 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.635906935 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.636246920 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.675240993 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.675331116 CET5003214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:39:59.756145000 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.795036077 CET14377500323.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:39:59.972915888 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:00.092576981 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:00.092670918 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:00.458878040 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:00.578562021 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:00.580703974 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:00.700599909 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:00.700670004 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:00.820522070 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:00.820697069 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:00.942934036 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:00.943098068 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.062819958 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.062911034 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.182683945 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.182769060 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.303009987 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.303098917 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.422828913 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.423000097 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.543261051 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.543543100 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.663322926 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.663496017 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.783267975 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.783437967 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:01.903214931 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:01.903299093 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.023395061 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.023529053 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.143297911 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.143377066 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.263302088 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.263385057 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.268635988 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.268688917 CET5003314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.384200096 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.389120102 CET14377500333.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.548300028 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.668031931 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.668315887 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.720845938 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.840667009 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.840792894 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:02.960500956 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:02.960658073 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.080399036 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.080542088 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.200256109 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.338139057 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.457988024 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.458059072 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.577802896 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.577882051 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.697753906 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.697834969 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.817584038 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.817672014 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:03.938636065 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:03.938878059 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.058985949 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.059072971 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.179081917 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.179228067 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.300661087 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.300750971 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.420594931 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.420692921 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.540605068 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.540740967 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.660702944 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.660831928 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.780874014 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.780965090 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.831135035 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.831208944 CET5003414377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:04.900880098 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:04.951023102 CET14377500343.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.095282078 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.215167999 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.215271950 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.251224041 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.371756077 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.371846914 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.491708994 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.491990089 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.611809015 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.612000942 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.731750011 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.731918097 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.851772070 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.851872921 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:05.971770048 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:05.972758055 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.092597961 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.092781067 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.212589025 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.214778900 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.334598064 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.334726095 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.454610109 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.454715014 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.574676991 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.575176001 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.695049047 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.695266962 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.815148115 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.815252066 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:06.935412884 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:06.935507059 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.055341959 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.055406094 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.175383091 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.175499916 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.295408010 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.295690060 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.376208067 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.376405954 CET5003514377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.415577888 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.496342897 CET14377500353.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.625674009 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.746356010 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.746475935 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.782227039 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:07.901997089 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:07.902118921 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.022020102 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.022178888 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.142020941 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.142174006 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.294819117 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.294959068 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.495898008 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.495898008 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.535346031 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.535448074 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.616323948 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.616477013 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.616493940 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.655538082 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.655612946 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.736201048 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.736282110 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.775269985 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.775346041 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.856093884 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.856193066 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.895071030 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.895143032 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:08.976090908 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:08.976187944 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.014822960 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.014909983 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.096044064 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.096168041 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.134676933 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.134803057 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.216003895 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.216082096 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.254535913 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.254729033 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.335879087 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.335957050 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.374767065 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.374828100 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.456146002 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.456218958 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.494959116 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.495055914 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.576551914 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.576715946 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.614784956 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.614887953 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.697501898 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.697668076 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.735486031 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.735603094 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.818351030 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.818753958 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.856333017 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.858900070 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.911079884 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.915215015 CET5003614377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:09.939376116 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:09.979825974 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.036062002 CET14377500363.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.141525984 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.261246920 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.264749050 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.296580076 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.416249037 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.416337967 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.536645889 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.536897898 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.657075882 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.659329891 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.779851913 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.779933929 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:10.899945974 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:10.900051117 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.020766973 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.020869017 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.141129017 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.141205072 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.261501074 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.261604071 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.381246090 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.381351948 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.502161980 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.502259016 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.623105049 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.623261929 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.743201971 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.743305922 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.863029003 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.867731094 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:11.987540960 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:11.990952015 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.110877037 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.112723112 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.232528925 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.235424042 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.399480104 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.403141975 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.441488028 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.443384886 CET5003714377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.524135113 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.563011885 CET14377500373.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.657309055 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.778652906 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.778803110 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.813666105 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:12.933391094 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:12.933475018 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.054323912 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.054450989 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.174197912 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.174340963 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.294066906 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.294195890 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.413944006 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.414027929 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.533952951 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.534090042 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.653805017 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.653940916 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.773744106 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.773886919 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:13.893685102 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:13.893914938 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.013761997 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.013892889 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.133913040 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.145503998 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.265382051 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.265466928 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.385277987 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.385353088 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.505803108 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.505887985 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.626857042 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.627027988 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.746763945 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.746881008 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.907412052 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.907480955 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:14.954943895 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:14.954999924 CET5003814377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.027198076 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.074819088 CET14377500383.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.157289982 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.277770042 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.277873993 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.305347919 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.425096035 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.425179005 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.545629978 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.545710087 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.665524960 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.665632963 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.785331011 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.786752939 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:15.906630039 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:15.906825066 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.026648045 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.026753902 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.146604061 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.146873951 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.266946077 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.267342091 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.387038946 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.387145042 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.506833076 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.506959915 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.626786947 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.626909971 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:16.746655941 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:16.908996105 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.028719902 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.028779984 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.148528099 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.148595095 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.268311024 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.268443108 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.388205051 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.388287067 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.438802004 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.438873053 CET5003914377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.508027077 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.558619976 CET14377500393.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.626777887 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.746522903 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.746608019 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.796952963 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:17.916690111 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:17.916769981 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.036545992 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.039248943 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.159120083 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.160861015 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.281241894 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.283812046 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.403677940 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.403759956 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.523494005 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.523576975 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.643265009 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.643418074 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.763340950 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.763541937 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:18.883388996 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:18.883524895 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.003566980 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.003638029 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.123605013 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.123728991 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.243582964 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.243679047 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.363547087 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.363627911 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.483546019 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.483628988 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.603487015 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.817907095 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.914597988 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:19.914649010 CET5004114377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:19.937733889 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.034408092 CET14377500413.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.094786882 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.214689970 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.215061903 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.246577024 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.366414070 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.366492987 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.486433029 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.486567974 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.606493950 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.606897116 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.726932049 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.727200031 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.847096920 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.848736048 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:20.968452930 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:20.968775988 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.088921070 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.088995934 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.208687067 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.210778952 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.330693007 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.332825899 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.452574968 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.452964067 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.572745085 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.572854996 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.692588091 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.695800066 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.815504074 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.815604925 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:21.935363054 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:21.935583115 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.055377007 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.055461884 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.175137043 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.175354958 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.295250893 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.295411110 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.395606995 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.395937920 CET5004214377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.415101051 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.515799999 CET14377500423.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.563711882 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.683568954 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.683655024 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.717837095 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.839000940 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.839092016 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:22.958904028 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:22.959031105 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.078999996 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.079125881 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.198980093 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.199098110 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.318908930 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.324743032 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.444686890 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.444775105 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.564644098 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.564760923 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.684750080 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.684895039 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.804743052 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.806797981 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:23.926775932 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:23.928750992 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.048645020 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.052875996 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.172760010 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.176764965 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.296636105 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.296762943 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.416729927 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.416856050 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.545954943 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.548813105 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.720633984 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.723203897 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.723203897 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.843671083 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.843823910 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.847970963 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.848073959 CET5004314377192.168.2.63.69.115.178
                                                    Dec 16, 2024 07:40:24.963570118 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:24.967840910 CET14377500433.69.115.178192.168.2.6
                                                    Dec 16, 2024 07:40:25.239078045 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.359047890 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:25.359168053 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.399068117 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.519032001 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:25.519120932 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.639049053 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:25.639127970 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.759234905 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:25.759330034 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.879381895 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:25.879499912 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:25.999391079 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:25.999824047 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.120306015 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.122766018 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.242825985 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.243840933 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.364994049 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.365096092 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.485110998 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.485214949 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.605144024 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.605222940 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.726767063 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.732752085 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.852749109 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.852880955 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:26.972733021 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:26.972814083 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.092761040 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.092865944 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.212738991 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.212896109 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.334362984 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.334501982 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.454379082 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.454509020 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.536729097 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.536823034 CET5004414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.574421883 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.656842947 CET143775004452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.689271927 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.809604883 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.809758902 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.859090090 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:27.979016066 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:27.979176998 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.099235058 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.099332094 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.219192028 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.219356060 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.339356899 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.339529991 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.459398031 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.459472895 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.579472065 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.579547882 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.699470997 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.699552059 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.819334984 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.820795059 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:28.940524101 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:28.940855026 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.060535908 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.060826063 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.180582047 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.180804968 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.300690889 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.300806046 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.420564890 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.420797110 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.540616035 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.540782928 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.660618067 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.664772034 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.784755945 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.784909964 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.947556973 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.947817087 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:29.972218990 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:29.972342968 CET5004514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.067725897 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.092223883 CET143775004552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.110759974 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.230727911 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.230838060 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.276360035 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.396249056 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.396312952 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.516134024 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.516196012 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.635910034 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.636061907 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.755974054 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.756273985 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.876146078 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:30.878804922 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:30.998713970 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.004849911 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.124834061 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.124985933 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.244829893 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.244915009 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.365555048 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.365663052 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.485507011 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.485582113 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.605375051 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.607747078 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.727821112 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.730763912 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.850608110 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.850701094 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:31.970525026 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:31.970624924 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.090439081 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.090498924 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.210325956 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.210405111 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.371692896 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.371819019 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.397000074 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.397066116 CET5004614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.491849899 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.516741991 CET143775004652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.533124924 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.652853966 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.652930021 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.688071966 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.807956934 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.808074951 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:32.927900076 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:32.927983999 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.047786951 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.047880888 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.167594910 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.167663097 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.287378073 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.287451029 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.407176018 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.407274961 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.526957989 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.527072906 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.646775007 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.648876905 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.768496037 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.768794060 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:33.888459921 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:33.888540030 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.008249044 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.008819103 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.128642082 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.128731012 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.248445988 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.248538971 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.368254900 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.368753910 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.488491058 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.488715887 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.608386040 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.693612099 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.813369036 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.813432932 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.817532063 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.817586899 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.933128119 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.937124968 CET5004714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:34.937216043 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:34.939352989 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.057421923 CET143775004752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.059669018 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.059768915 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.090228081 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.210062027 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.210133076 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.329896927 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.330043077 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.453330994 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.453413010 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.573278904 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.573432922 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.695066929 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.695151091 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.814908981 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.815015078 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:35.934777975 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:35.936796904 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.056495905 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.056785107 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.176578999 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.176691055 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.296612024 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.296711922 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.416579008 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.416783094 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.536638021 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.536776066 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.657679081 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.660840034 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.781219006 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.784775972 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:36.904676914 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:36.904989004 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.024753094 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.024842978 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.187503099 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.187613964 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.223273993 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.223362923 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.307421923 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.327765942 CET5004814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.329341888 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.343067884 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.447616100 CET143775004852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.449095011 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.449177980 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.494780064 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.614646912 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.614717960 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.734574080 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.734668970 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.854391098 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.856787920 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:37.976577044 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:37.976814032 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.096555948 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.096801996 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.216622114 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.216715097 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.336441994 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.336523056 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.457164049 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.457247019 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.577001095 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.580746889 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.700464964 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.700578928 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.820363998 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.820462942 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:38.940253973 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:38.940360069 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.060350895 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.060477972 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.180460930 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.180608034 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.300452948 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.300612926 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.420454025 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.420553923 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.540395975 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.540484905 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.615361929 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.615422964 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.660223007 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.718888044 CET5004914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.722552061 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.735178947 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.838618040 CET143775004952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.842279911 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.842401028 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.872313023 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:39.992017984 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:39.992103100 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.112049103 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.112157106 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.231981993 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.232064962 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.351783037 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.351866961 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.471571922 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.471708059 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.591465950 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.591566086 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.711352110 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.711440086 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.831176043 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.834956884 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:40.955655098 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:40.957463026 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.077409029 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.077862978 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.197679996 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.197787046 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.317615032 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.319245100 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.439124107 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.439241886 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.559035063 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.559161901 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.678900003 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.678994894 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.798818111 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.798919916 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:41.918955088 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:41.919444084 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.021236897 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.023174047 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.039361954 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.124665022 CET5005014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.126496077 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.143034935 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.244642973 CET143775005052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.246381044 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.246511936 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.284538031 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.404305935 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.404412031 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.524348021 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.524820089 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.644831896 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.648832083 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.768709898 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.771075010 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:42.890932083 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:42.891210079 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.011145115 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.011281967 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.131194115 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.131372929 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.251224995 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.251328945 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.371459007 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.371556997 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.491518974 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.491607904 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.611434937 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.611548901 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.731230021 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.731451988 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.851160049 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.855336905 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:43.975143909 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:43.976794958 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.096508980 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.096618891 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.216418982 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.216793060 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.336683989 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.340850115 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.413676023 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.416763067 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.460692883 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.515203953 CET5005114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.516395092 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.536521912 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.635018110 CET143775005152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.636327982 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.636632919 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.669327021 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.789371014 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.789488077 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:44.909327030 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:44.909441948 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.029176950 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.029294968 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.149034977 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.149167061 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.268985033 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.269108057 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.388986111 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.389053106 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.509237051 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.522222042 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.642116070 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.642175913 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.761936903 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.762020111 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:45.881949902 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:45.882035971 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.001960039 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.002063036 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.122240067 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.122344971 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.242273092 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.242377043 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.362210989 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.364820004 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.484575987 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.488812923 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.608649969 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.608756065 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.728607893 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.728764057 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.804220915 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.804300070 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.848598957 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:46.890307903 CET5005214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.891719103 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:46.924175024 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.010132074 CET143775005252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.011562109 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.011696100 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.042527914 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.162329912 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.162858963 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.282778978 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.282927036 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.402789116 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.402949095 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.522850990 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.527568102 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.647347927 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.647475004 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.767533064 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.767656088 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:47.887365103 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:47.887435913 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.007227898 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.007302999 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.127290010 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.127388000 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.247224092 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.294167042 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.413888931 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.414002895 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.533771038 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.533905029 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.653623104 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.653718948 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.773525000 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.773610115 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:48.893273115 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:48.893356085 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.013214111 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.013366938 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.175581932 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.175762892 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.227037907 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.227159977 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.295556068 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.312093973 CET5005314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.315212965 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.346904993 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.431953907 CET143775005352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.435029984 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.435190916 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.469871998 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.589647055 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.589775085 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.709667921 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.709759951 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.829667091 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.829797983 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:49.949584961 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:49.952807903 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.072668076 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.072798967 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.207144022 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.207247972 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.328038931 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.328145981 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.449306965 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.449398994 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.569123983 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.569236040 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.691183090 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.691312075 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.811153889 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.811258078 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:50.931006908 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:50.932835102 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.052613974 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.052758932 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.172508001 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.172725916 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.292586088 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.292839050 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.412599087 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.412681103 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.532418966 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.532892942 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.617916107 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.620781898 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.652873993 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.703110933 CET5005414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.707979918 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.740535021 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.822911024 CET143775005452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.827749968 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.828792095 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.863121986 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:51.982848883 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:51.982928038 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.102715969 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.102854967 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.222589016 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.222744942 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.342488050 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.342569113 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.462306976 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.462395906 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.582149029 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.582233906 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.702088118 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.702162027 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.822194099 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.822357893 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:52.942286968 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:52.943232059 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.063046932 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.066829920 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.186660051 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.186765909 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.306663036 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.308790922 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.428550959 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.430939913 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.550848007 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.551455021 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.671384096 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.671473026 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.791335106 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.791424990 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.951603889 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.951745987 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:53.990716934 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:53.990883112 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.062258959 CET5005514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.063910007 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.072297096 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.111112118 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.182142973 CET143775005552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.183599949 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.183785915 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.215684891 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.335551023 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.335625887 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.457660913 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.457741022 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.577574015 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.577657938 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.697424889 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.697491884 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.817198038 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.817552090 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:54.937226057 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:54.940865993 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.060889959 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.060962915 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.180866003 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.180932045 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.300723076 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.300868034 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.420648098 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.420763016 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.540532112 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.540623903 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.660562992 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.660816908 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.780765057 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.781078100 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:55.900834084 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:55.904803038 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.024691105 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.028801918 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.148998022 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.151809931 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.271658897 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.271866083 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.349950075 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.352802038 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.391644001 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.421684027 CET5005614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.423171997 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.472671986 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.541413069 CET143775005652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.542813063 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.542975903 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.576373100 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.696223974 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.696290016 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.816159964 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.816227913 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:56.936084032 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:56.936213970 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.055954933 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.056026936 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.175852060 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.175952911 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.295720100 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.295855045 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.415569067 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.415735960 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.535557985 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.535717010 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.655579090 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.655735970 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:57.775662899 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:57.907660007 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.027576923 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.027673006 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.147702932 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.147877932 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.268419027 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.268516064 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.388392925 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.388643026 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.508541107 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.508709908 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.628696918 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.628887892 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.722604036 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.722889900 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.748836994 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.780919075 CET5005714377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.782569885 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.842632055 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.900700092 CET143775005752.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.902378082 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:58.902482033 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:58.937691927 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.057696104 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.057796001 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.177874088 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.178874016 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.298858881 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.300432920 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.420192957 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.420286894 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.540031910 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.540122032 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.660068035 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.660167933 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.780188084 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.780282974 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:40:59.900207043 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:40:59.902990103 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.022857904 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.023396969 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.144814014 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.147365093 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.267273903 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.267405987 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.387480974 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.391633987 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.511444092 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.511925936 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.631666899 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.632816076 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.752574921 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.752830982 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:00.872571945 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:00.872653008 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.035702944 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.035847902 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.069181919 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.069340944 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.124711037 CET5005814377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.126215935 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.155874968 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.189146042 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.244541883 CET143775005852.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.245985985 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.246154070 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.282079935 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.402427912 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.402522087 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.522510052 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.522593021 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.643740892 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.643800974 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.763726950 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.763802052 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:01.883764982 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:01.888824940 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.008819103 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.012806892 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.132846117 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.133148909 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.253082037 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.256851912 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.376673937 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.380845070 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.500650883 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.500803947 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.620604038 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.620788097 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.847414017 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.847500086 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:02.968369007 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:02.968477011 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.088124990 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.088197947 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.208075047 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.208317041 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.328263998 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.328643084 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.430433035 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.430517912 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.448365927 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.484149933 CET5005914377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.487395048 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.550499916 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.604047060 CET143775005952.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.607136965 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.607266903 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.656716108 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.776545048 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.776613951 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:03.896428108 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:03.896914005 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.016721010 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.016822100 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.137372017 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.140894890 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.260905027 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.264832020 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.384671926 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.387005091 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.506792068 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.511173964 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.630980968 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.631194115 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.751025915 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.751194954 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.871069908 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.871146917 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:04.991434097 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:04.991590023 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.111709118 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.111871004 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.231726885 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.231877089 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.352283001 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.352605104 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.472598076 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.472830057 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.592770100 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.595335960 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.755781889 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.755908966 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.773843050 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.773914099 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.827908039 CET5006014377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.831329107 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.875647068 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.894005060 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.947737932 CET143775006052.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.951060057 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:05.951329947 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:05.993366003 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.113163948 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.113311052 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.233156919 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.233470917 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.353255033 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.353339911 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.473145962 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.473324060 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.593445063 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.593660116 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.713686943 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.713769913 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.834173918 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.834268093 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:06.954045057 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:06.954147100 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.073904991 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.073980093 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.194842100 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.194906950 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.314589977 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.314846992 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.434653044 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.435362101 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.555145979 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.555330038 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.675103903 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.675348997 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.795342922 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.795572996 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:07.915429115 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:07.915762901 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.036767960 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.036850929 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.136722088 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.136818886 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.156724930 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.187331915 CET5006114377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.188539028 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.258419991 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.307437897 CET143775006152.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.309123039 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.309272051 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.347230911 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.467437029 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.467571020 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.587399006 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.587491035 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.708699942 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.708904028 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.828670025 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.828789949 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:08.948528051 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:08.948671103 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:09.068418026 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:09.068552017 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:09.188391924 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:09.188492060 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:09.308389902 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:09.308518887 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:09.428648949 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:09.646706104 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:09.766509056 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:09.766590118 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:09.886287928 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:09.886353970 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.006048918 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.006222963 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.126080036 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.126177073 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.246129036 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.246207952 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.366070986 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.366259098 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.477082014 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.477236032 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.485965014 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.530936956 CET5006214377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.532598019 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.596956015 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.650789976 CET143775006252.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.652319908 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.652503967 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.697390079 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.817116976 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.817264080 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:10.937047005 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:10.940810919 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.062242031 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.064893007 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.184765100 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.188839912 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.309055090 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.309178114 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.429522038 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.432821989 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.552615881 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.552715063 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.673397064 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.676779032 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.796547890 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.796770096 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:11.916683912 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:11.916846991 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.036717892 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.036828995 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.156709909 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.156960964 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.276844978 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.276927948 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.396859884 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.616364002 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.736253023 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.736363888 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.821151018 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.821306944 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.856216908 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.859062910 CET5006314377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.860337973 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:12.940994978 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.978897095 CET143775006352.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.980222940 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:12.980501890 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.028086901 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.147886038 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.147962093 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.267754078 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.268774986 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.388616085 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.388716936 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.508533001 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.508611917 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.628547907 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.628817081 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.748689890 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.748862982 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.868752003 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.868972063 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:13.988898039 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:13.992826939 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.112834930 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:14.116801023 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.236643076 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:14.236840010 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.356604099 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:14.356803894 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.476624966 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:14.476783991 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.596697092 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:14.600821018 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.720678091 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:14.720813990 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:14.840631962 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.179820061 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.179944038 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.346467018 CET5006414377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.356625080 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.466398001 CET143775006452.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.534246922 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.534327030 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.607244015 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.756230116 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.775774002 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.775875092 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.876131058 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.876240015 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.876269102 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.895553112 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.895654917 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:15.996047974 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:15.996203899 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.015402079 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.015515089 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.116008997 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.116102934 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.135214090 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.135287046 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.235855103 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.236016035 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.255199909 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.255270958 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.355797052 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.355879068 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.374969006 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.375020027 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.475662947 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.475790977 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.494766951 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.494890928 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.596254110 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.596352100 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.615272045 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.716906071 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.717072964 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:16.879707098 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:16.879818916 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.079870939 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.080085039 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.264435053 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.264435053 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.363789082 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.364945889 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.384351969 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.384572029 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.485515118 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.485603094 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.504324913 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.504502058 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.605693102 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.605837107 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.624284983 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.624403000 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.718976021 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.719050884 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.725717068 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.744348049 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.765197992 CET5006514377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.766282082 CET5006614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:17.838867903 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.884955883 CET143775006552.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.886199951 CET143775006652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:17.886290073 CET5006614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:18.170367956 CET5006614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:18.290153980 CET143775006652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:18.290458918 CET5006614377192.168.2.652.28.247.255
                                                    Dec 16, 2024 07:41:18.410228014 CET143775006652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:20.048552990 CET143775006652.28.247.255192.168.2.6
                                                    Dec 16, 2024 07:41:20.048676968 CET5006614377192.168.2.652.28.247.255

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Dec 16, 2024 07:37:21.216010094 CET5184053192.168.2.61.1.1.1
                                                    Dec 16, 2024 07:37:21.699137926 CET53518401.1.1.1192.168.2.6
                                                    Dec 16, 2024 07:38:21.938507080 CET5158653192.168.2.61.1.1.1
                                                    Dec 16, 2024 07:38:22.156538963 CET53515861.1.1.1192.168.2.6
                                                    Dec 16, 2024 07:39:23.454811096 CET5825553192.168.2.61.1.1.1
                                                    Dec 16, 2024 07:39:23.679691076 CET53582551.1.1.1192.168.2.6
                                                    Dec 16, 2024 07:40:25.008475065 CET5655253192.168.2.61.1.1.1
                                                    Dec 16, 2024 07:40:25.237735987 CET53565521.1.1.1192.168.2.6

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Dec 16, 2024 07:37:21.216010094 CET192.168.2.61.1.1.10x7d17Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                    Dec 16, 2024 07:38:21.938507080 CET192.168.2.61.1.1.10xe1a3Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                    Dec 16, 2024 07:39:23.454811096 CET192.168.2.61.1.1.10xe4d3Standard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false
                                                    Dec 16, 2024 07:40:25.008475065 CET192.168.2.61.1.1.10xd90aStandard query (0)6.tcp.eu.ngrok.ioA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Dec 16, 2024 07:37:21.699137926 CET1.1.1.1192.168.2.60x7d17No error (0)6.tcp.eu.ngrok.io52.28.247.255A (IP address)IN (0x0001)false
                                                    Dec 16, 2024 07:38:22.156538963 CET1.1.1.1192.168.2.60xe1a3No error (0)6.tcp.eu.ngrok.io52.28.247.255A (IP address)IN (0x0001)false
                                                    Dec 16, 2024 07:39:23.679691076 CET1.1.1.1192.168.2.60xe4d3No error (0)6.tcp.eu.ngrok.io3.69.115.178A (IP address)IN (0x0001)false
                                                    Dec 16, 2024 07:40:25.237735987 CET1.1.1.1192.168.2.60xd90aNo error (0)6.tcp.eu.ngrok.io52.28.247.255A (IP address)IN (0x0001)false

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:01:37:10
                                                    Start date:16/12/2024
                                                    Path:C:\Users\user\Desktop\enai2.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\enai2.exe"
                                                    Imagebase:0x900000
                                                    File size:32'256 bytes
                                                    MD5 hash:A2D2FC6108063A466264A34E7C46C8A3
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                                    • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
                                                    • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.2195415536.0000000000902000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                                    Reputation:low
                                                    Has exited:false

                                                    General

                                                    Target ID:2
                                                    Start time:01:37:17
                                                    Start date:16/12/2024
                                                    Path:C:\Windows\SysWOW64\netsh.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:netsh firewall add allowedprogram "C:\Users\user\Desktop\enai2.exe" "enai2.exe" ENABLE
                                                    Imagebase:0xa60000
                                                    File size:82'432 bytes
                                                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:3
                                                    Start time:01:37:17
                                                    Start date:16/12/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff66e660000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:17.5%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:2.1%
                                                      Total number of Nodes:143
                                                      Total number of Limit Nodes:6
                                                      execution_graph 6795 fea2fe 6796 fea32a SetErrorMode 6795->6796 6797 fea353 6795->6797 6798 fea33f 6796->6798 6797->6796 6799 5212ea2 6800 5212ef2 RegEnumValueW 6799->6800 6801 5212f00 6800->6801 6802 fea7fa 6803 fea832 RegOpenKeyExW 6802->6803 6805 fea888 6803->6805 6904 feafba 6905 feaff8 DuplicateHandle 6904->6905 6906 feb030 6904->6906 6907 feb006 6905->6907 6906->6905 6806 5212aa6 6808 5212adb SetProcessWorkingSetSize 6806->6808 6809 5212b07 6808->6809 6908 52128e6 6910 521291b GetExitCodeProcess 6908->6910 6911 5212944 6910->6911 6810 52113aa 6813 52113e5 LoadLibraryA 6810->6813 6812 5211422 6813->6812 6912 521226a 6913 52122a2 RegCreateKeyExW 6912->6913 6915 5212314 6913->6915 6916 521276a 6918 5212799 AdjustTokenPrivileges 6916->6918 6919 52127bb 6918->6919 6920 52125ea 6921 5212613 LookupPrivilegeValueW 6920->6921 6923 521263a 6921->6923 6924 52103ea 6925 521043a GetComputerNameW 6924->6925 6926 5210448 6925->6926 6927 521056e 6929 52105a6 ConvertStringSecurityDescriptorToSecurityDescriptorW 6927->6929 6930 52105e7 6929->6930 6814 feabee 6815 feac1a closesocket 6814->6815 6816 feac50 6814->6816 6817 feac28 6815->6817 6816->6815 6818 5210032 6820 521006a WSASocketW 6818->6820 6821 52100a6 6820->6821 6934 5210d76 6935 5210db1 getaddrinfo 6934->6935 6937 5210e23 6935->6937 6822 521243a 6824 521246f ioctlsocket 6822->6824 6825 521249b 6824->6825 6826 febce2 6828 febd17 ReadFile 6826->6828 6829 febd49 6828->6829 6938 feba22 6940 feba57 GetFileType 6938->6940 6941 feba84 6940->6941 6942 52109c2 6944 52109f7 shutdown 6942->6944 6945 5210a20 6944->6945 6946 52129c2 6948 52129f7 GetProcessWorkingSetSize 6946->6948 6949 5212a23 6948->6949 6950 fea09a 6951 fea0cf send 6950->6951 6952 fea107 6950->6952 6953 fea0dd 6951->6953 6952->6951 6954 50c1268 KiUserExceptionDispatcher 6955 50c129c 6954->6955 6834 5210c8a 6837 5210cbf GetProcessTimes 6834->6837 6836 5210cf1 6837->6836 6956 fea392 6959 fea3c7 RegQueryValueExW 6956->6959 6958 fea41b 6959->6958 6838 50c18bc 6839 50c14fa 6838->6839 6844 50c1908 6839->6844 6849 50c19c6 6839->6849 6854 50c19a5 6839->6854 6859 50c1979 6839->6859 6845 50c1943 6844->6845 6846 50c1a9d 6845->6846 6864 50c1d61 6845->6864 6868 50c1d70 6845->6868 6850 50c19cf 6849->6850 6851 50c1a9d 6850->6851 6852 50c1d70 2 API calls 6850->6852 6853 50c1d61 2 API calls 6850->6853 6852->6851 6853->6851 6855 50c19ae 6854->6855 6856 50c1a9d 6855->6856 6857 50c1d70 2 API calls 6855->6857 6858 50c1d61 2 API calls 6855->6858 6857->6856 6858->6856 6860 50c1982 6859->6860 6861 50c1a9d 6860->6861 6862 50c1d70 2 API calls 6860->6862 6863 50c1d61 2 API calls 6860->6863 6862->6861 6863->6861 6865 50c1d9b 6864->6865 6866 50c1de3 6865->6866 6872 50c23f8 6865->6872 6866->6846 6869 50c1d9b 6868->6869 6870 50c1de3 6869->6870 6871 50c23f8 2 API calls 6869->6871 6870->6846 6871->6870 6873 50c243b 6872->6873 6877 52110c8 6873->6877 6881 521111e 6873->6881 6874 50c246a 6874->6866 6878 521111e GetVolumeInformationA 6877->6878 6880 5211176 6878->6880 6880->6874 6882 521116e GetVolumeInformationA 6881->6882 6883 5211176 6882->6883 6883->6874 6884 fea74e 6885 fea77a CloseHandle 6884->6885 6886 fea7b9 6884->6886 6887 fea788 6885->6887 6886->6885 6888 5211312 6889 5211341 CoGetObjectContext 6888->6889 6891 521136a 6888->6891 6890 5211356 6889->6890 6891->6889 6960 feb38a 6961 feb3da MkParseDisplayName 6960->6961 6962 feb3e8 6961->6962 6963 feb90a 6964 feb942 CreateFileW 6963->6964 6966 feb991 6964->6966 6892 5212516 6893 521253f select 6892->6893 6895 5212574 6893->6895 6967 5210f56 6968 5210f8b WSAConnect 6967->6968 6970 5210faa 6968->6970 6896 fea646 6897 fea67e CreateMutexW 6896->6897 6899 fea6c1 6897->6899 6971 fea486 6972 fea4bb RegSetValueExW 6971->6972 6974 fea507 6972->6974 6975 fea902 6977 fea93d SendMessageTimeoutA 6975->6977 6978 fea985 6977->6978 6900 521071e 6902 5210756 MapViewOfFile 6900->6902 6903 52107a5 6902->6903

                                                      Executed Functions

                                                      Function 05212733 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 052127B3
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: AdjustPrivilegesToken
                                                      • String ID:
                                                      • API String ID: 2874748243-0
                                                      • Opcode ID: 66d6fbbe428d0c46bab0bebbf75d25910a786da274bdf3b400f45c8a82865173
                                                      • Instruction ID: 5c3dcb8ee8e934bbc7ebc9cbdb44a5af26331007d351c601c58fba3dc90a66ca
                                                      • Opcode Fuzzy Hash: 66d6fbbe428d0c46bab0bebbf75d25910a786da274bdf3b400f45c8a82865173
                                                      • Instruction Fuzzy Hash: 1421A1755097809FEB228F25DC44B53BFF4EF16310F0984DAE9898F563D2719908DB61
                                                      Function 0521276A Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 052127B3
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: AdjustPrivilegesToken
                                                      • String ID:
                                                      • API String ID: 2874748243-0
                                                      • Opcode ID: 2c09f362465908aeabd166b52abb7c9147af668c164a052c8dbd456e71bc4841
                                                      • Instruction ID: 918da835eed952090cd7a8978ada52523e2b4fc9012818736ba2f8e2e99a8b15
                                                      • Opcode Fuzzy Hash: 2c09f362465908aeabd166b52abb7c9147af668c164a052c8dbd456e71bc4841
                                                      • Instruction Fuzzy Hash: 1C118C35500201DFDB20CF16DC84B63FBE4EF08220F0888AAED498B661D371E419DB61
                                                      Function 00FEB8CA Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 590 feb8ca-feb962 594 feb967-feb973 590->594 595 feb964 590->595 596 feb978-feb981 594->596 597 feb975 594->597 595->594 598 feb9d2-feb9d7 596->598 599 feb983-feb9a7 CreateFileW 596->599 597->596 598->599 602 feb9d9-feb9de 599->602 603 feb9a9-feb9cf 599->603 602->603
                                                      APIs
                                                      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00FEB989
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 5b1f72f3ad47cc106bfaf859b640e38c74386d0862cae15c7495f07307e5f0b6
                                                      • Instruction ID: 1919fcecf5d18d7a7a775d752ea34fd6ebfe79ae20d58ed7beea406d4aa2b485
                                                      • Opcode Fuzzy Hash: 5b1f72f3ad47cc106bfaf859b640e38c74386d0862cae15c7495f07307e5f0b6
                                                      • Instruction Fuzzy Hash: 1031B3715043806FE712CF65DC44BA2BFE8EF06324F08489AE9858B663D325A809D771
                                                      Function 05212239 Relevance: 1.6, APIs: 1, Instructions: 102registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 606 5212239-52122c2 610 52122c4 606->610 611 52122c7-52122d3 606->611 610->611 612 52122d5 611->612 613 52122d8-52122e1 611->613 612->613 614 52122e3 613->614 615 52122e6-52122fd 613->615 614->615 617 521233f-5212344 615->617 618 52122ff-5212312 RegCreateKeyExW 615->618 617->618 619 5212314-521233c 618->619 620 5212346-521234b 618->620 620->619
                                                      APIs
                                                      • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 05212305
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: d056622bab6b83e8d15bace15662c5fa169ef26afd591cb2b8c59f8bb940d114
                                                      • Instruction ID: c53a526ca6d5749b7c001aad0968216847bd9f07ebe9f52279b183d6f6ae7079
                                                      • Opcode Fuzzy Hash: d056622bab6b83e8d15bace15662c5fa169ef26afd591cb2b8c59f8bb940d114
                                                      • Instruction Fuzzy Hash: 48316DB6504744AFE7228F61CC44FA7BBFCEF05214F08459AE949CB662D324E949CB61
                                                      Function 00FEBE37 Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 625 febe37-febe57 626 febe79-febeab 625->626 627 febe59-febe78 625->627 631 febeae-febf06 RegQueryValueExW 626->631 627->626 633 febf0c-febf22 631->633
                                                      APIs
                                                      • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 00FEBEFE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: 959242360eecb0de01b007ffb9bf468bc1f2e6c5089c99c34ae239eb0093328b
                                                      • Instruction ID: f296af3796bf69fc567e7f2b839cae967a0bbf45964ac54f04dc22194d8cf78d
                                                      • Opcode Fuzzy Hash: 959242360eecb0de01b007ffb9bf468bc1f2e6c5089c99c34ae239eb0093328b
                                                      • Instruction Fuzzy Hash: DC318D6510E7C0AFD3138B258C61A62BFB4EF47610B0E45CBD8848F6A3D219680AD7B2
                                                      Function 00FEA7C7 Relevance: 1.6, APIs: 1, Instructions: 95registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 634 fea7c7-fea855 638 fea85a-fea871 634->638 639 fea857 634->639 641 fea8b3-fea8b8 638->641 642 fea873-fea886 RegOpenKeyExW 638->642 639->638 641->642 643 fea8ba-fea8bf 642->643 644 fea888-fea8b0 642->644 643->644
                                                      APIs
                                                      • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00FEA879
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: 43458b505b7b4e4c7721fb72666abe244bf19caf9ed43254f98ae8a237eaa678
                                                      • Instruction ID: faa1139dcacf578b1ff240e4531c13138b6e1eb08a9cc956ec9fe7667cfd5ed1
                                                      • Opcode Fuzzy Hash: 43458b505b7b4e4c7721fb72666abe244bf19caf9ed43254f98ae8a237eaa678
                                                      • Instruction Fuzzy Hash: A831A7B54087846FE7228B51DC45FA7BFBCEF16314F08449AE984CB662D264A90EC771
                                                      Function 05210D54 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 649 5210d54-5210e13 655 5210e65-5210e6a 649->655 656 5210e15-5210e1d getaddrinfo 649->656 655->656 658 5210e23-5210e35 656->658 659 5210e37-5210e62 658->659 660 5210e6c-5210e71 658->660 660->659
                                                      APIs
                                                      • getaddrinfo.WS2_32(?,00000E24), ref: 05210E1B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: getaddrinfo
                                                      • String ID:
                                                      • API String ID: 300660673-0
                                                      • Opcode ID: c5ae5ca739882f555e1257faed693f234a7f7a38436a597ec2e07ef56b620990
                                                      • Instruction ID: c3c19c713379f127ac8377c8686f52181a4ac8580a918540adcb0488d03316fc
                                                      • Opcode Fuzzy Hash: c5ae5ca739882f555e1257faed693f234a7f7a38436a597ec2e07ef56b620990
                                                      • Instruction Fuzzy Hash: 0B31AFB1504344AFEB21CB61DC84FA7FBACEF04714F04489AFA489B692D374A949CB71
                                                      Function 05210548 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 680 5210548-52105c9 684 52105cb 680->684 685 52105ce-52105d7 680->685 684->685 686 52105d9-52105e1 ConvertStringSecurityDescriptorToSecurityDescriptorW 685->686 687 521062f-5210634 685->687 689 52105e7-52105f9 686->689 687->686 690 5210636-521063b 689->690 691 52105fb-521062c 689->691 690->691
                                                      APIs
                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 052105DF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DescriptorSecurity$ConvertString
                                                      • String ID:
                                                      • API String ID: 3907675253-0
                                                      • Opcode ID: 1ada8ff2cf18835dacd6304af438ca7bf5b1bfbcb4a3481577fb233148da34e1
                                                      • Instruction ID: a15980381ff70c57ab94727264b686dfe9fa8ff784a231720408e181002853a5
                                                      • Opcode Fuzzy Hash: 1ada8ff2cf18835dacd6304af438ca7bf5b1bfbcb4a3481577fb233148da34e1
                                                      • Instruction Fuzzy Hash: 7D31C171508384AFE721CF65DC45FA7BFF8EF05214F0884AAE948DB662D324A849CB71
                                                      Function 00FEA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 664 fea612-fea695 668 fea69a-fea6a3 664->668 669 fea697 664->669 670 fea6a8-fea6b1 668->670 671 fea6a5 668->671 669->668 672 fea702-fea707 670->672 673 fea6b3-fea6d7 CreateMutexW 670->673 671->670 672->673 676 fea709-fea70e 673->676 677 fea6d9-fea6ff 673->677 676->677
                                                      APIs
                                                      • CreateMutexW.KERNELBASE(?,?), ref: 00FEA6B9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CreateMutex
                                                      • String ID:
                                                      • API String ID: 1964310414-0
                                                      • Opcode ID: fb8f705f80e77cdc0847f0a454f91a1f84f2b0818ec20e7dd8c77d24643acf63
                                                      • Instruction ID: 3f134c3530f366a992d1a7a4f5aedcb8cdbc67aea3a20e6d5dfdd8abed927c5a
                                                      • Opcode Fuzzy Hash: fb8f705f80e77cdc0847f0a454f91a1f84f2b0818ec20e7dd8c77d24643acf63
                                                      • Instruction Fuzzy Hash: EE31D3B15093806FE711CB21CC85B96FFF8EF06314F08849AE984CF292D325A809C772
                                                      Function 05210C4C Relevance: 1.6, APIs: 1, Instructions: 88timeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 695 5210c4c-5210ce1 700 5210ce3-5210ceb GetProcessTimes 695->700 701 5210d2e-5210d33 695->701 702 5210cf1-5210d03 700->702 701->700 704 5210d35-5210d3a 702->704 705 5210d05-5210d2b 702->705 704->705
                                                      APIs
                                                      • GetProcessTimes.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05210CE9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ProcessTimes
                                                      • String ID:
                                                      • API String ID: 1995159646-0
                                                      • Opcode ID: 8120bd9f17626065905a0ef298ca6f0d7bde93a6597f7b4a6e591724c7c1f1cd
                                                      • Instruction ID: 77ee3ffdf375a08f002ee07c1d9c114fc9be824066c36234129d4bef2941c608
                                                      • Opcode Fuzzy Hash: 8120bd9f17626065905a0ef298ca6f0d7bde93a6597f7b4a6e591724c7c1f1cd
                                                      • Instruction Fuzzy Hash: C62106725057806FD7228F60DC44FA7BFB8EF06324F08849AE984DF1A2D224A909CB75
                                                      Function 0521226A Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 720 521226a-52122c2 723 52122c4 720->723 724 52122c7-52122d3 720->724 723->724 725 52122d5 724->725 726 52122d8-52122e1 724->726 725->726 727 52122e3 726->727 728 52122e6-52122fd 726->728 727->728 730 521233f-5212344 728->730 731 52122ff-5212312 RegCreateKeyExW 728->731 730->731 732 5212314-521233c 731->732 733 5212346-521234b 731->733 733->732
                                                      APIs
                                                      • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 05212305
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: ea3128d39d0f8df20db7b3af7f5c3d4039344108b8f5da60ba82d8a6e6dd7271
                                                      • Instruction ID: 9bf0e71b8c5910ee9d697409f145a10c67b9e0ee6b986964a5ac07643e4adb7d
                                                      • Opcode Fuzzy Hash: ea3128d39d0f8df20db7b3af7f5c3d4039344108b8f5da60ba82d8a6e6dd7271
                                                      • Instruction Fuzzy Hash: FE219E76500604AFEB21DF56CC84FABBBECEF18614F08855AFD49CB661E320E5098A75
                                                      Function 00FEA8C1 Relevance: 1.6, APIs: 1, Instructions: 86windowtimeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 708 fea8c1-fea975 712 fea9b9-fea9be 708->712 713 fea977-fea97f SendMessageTimeoutA 708->713 712->713 715 fea985-fea997 713->715 716 fea999-fea9b6 715->716 717 fea9c0-fea9c5 715->717 717->716
                                                      APIs
                                                      • SendMessageTimeoutA.USER32(?,00000E24), ref: 00FEA97D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: MessageSendTimeout
                                                      • String ID:
                                                      • API String ID: 1599653421-0
                                                      • Opcode ID: 081609bcad047d63401061e99b77e1d30af11b64233c64d73410bca754f6ead9
                                                      • Instruction ID: 84d736b0594f5ee7bc0b449f4171a8f0e575f41ff215398af3b5949c73910da3
                                                      • Opcode Fuzzy Hash: 081609bcad047d63401061e99b77e1d30af11b64233c64d73410bca754f6ead9
                                                      • Instruction Fuzzy Hash: 7931D6714057806FEB228F61DC45FA6FFB8EF06324F08849EE9848B563D275A409CB75
                                                      Function 00FEA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 738 fea361-fea3cf 741 fea3d4-fea3dd 738->741 742 fea3d1 738->742 743 fea3df 741->743 744 fea3e2-fea3e8 741->744 742->741 743->744 745 fea3ed-fea404 744->745 746 fea3ea 744->746 748 fea43b-fea440 745->748 749 fea406-fea419 RegQueryValueExW 745->749 746->745 748->749 750 fea41b-fea438 749->750 751 fea442-fea447 749->751 751->750
                                                      APIs
                                                      • RegQueryValueExW.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEA40C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: 10739720b91ebf4752bc2f7ed7d51eae998df392ee0f1bea073d387f883d28f4
                                                      • Instruction ID: af4b8deec5caae980f35b846c626bac5bd98af14d8e9c9657da85091060fde97
                                                      • Opcode Fuzzy Hash: 10739720b91ebf4752bc2f7ed7d51eae998df392ee0f1bea073d387f883d28f4
                                                      • Instruction Fuzzy Hash: 6B316175505780AFE721CF51CC84F92BBF8EF06724F08849AE945CB2A2D364E909CB72
                                                      Function 05210D76 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • getaddrinfo.WS2_32(?,00000E24), ref: 05210E1B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: getaddrinfo
                                                      • String ID:
                                                      • API String ID: 300660673-0
                                                      • Opcode ID: aa0dbcd9d2f7e6b1cf8b9905efc81251f1a6a3bf9e16ea81390f5801687be786
                                                      • Instruction ID: cddf1408e6670026c7b4fef9974eac8dfc3d9976844f39c230265b9fdd00b513
                                                      • Opcode Fuzzy Hash: aa0dbcd9d2f7e6b1cf8b9905efc81251f1a6a3bf9e16ea81390f5801687be786
                                                      • Instruction Fuzzy Hash: 7D21D172100204AFEB20DF61DC85FA7FBECEF04714F14885AFA489A691D7B4A549CB75
                                                      Function 05212E46 Relevance: 1.6, APIs: 1, Instructions: 83registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegEnumValueW.KERNELBASE(?,00000E24,?,?), ref: 05212EF2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: EnumValue
                                                      • String ID:
                                                      • API String ID: 2814608202-0
                                                      • Opcode ID: 7f75e88ddc48935226e0878194cf8e8304942807bc80178935ecdc39811e1ecd
                                                      • Instruction ID: de7d7b74d38ecbc88771c5b2fb19f9a4d69a6a8749e4ee78c33139d64c2eed47
                                                      • Opcode Fuzzy Hash: 7f75e88ddc48935226e0878194cf8e8304942807bc80178935ecdc39811e1ecd
                                                      • Instruction Fuzzy Hash: 7F31736150D3C06FD3138B258C65A62BFB4DF87614F1A80CBD8848F6A3D225A91AD7B2
                                                      Function 052110C8 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 0521116E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: InformationVolume
                                                      • String ID:
                                                      • API String ID: 2039140958-0
                                                      • Opcode ID: 29aa9bdaad805f5bc6534d8688b1424279714b578639ac9dbc8e404b6fa94ce3
                                                      • Instruction ID: eba0c4b30767a21f49efb15ab92b00b67b9dbbffe5632377cc4a50664504d4cb
                                                      • Opcode Fuzzy Hash: 29aa9bdaad805f5bc6534d8688b1424279714b578639ac9dbc8e404b6fa94ce3
                                                      • Instruction Fuzzy Hash: EB318F7150D3C06FD3128B258C55B66BFB8EF47610F0980DBE884DF6A3D225A959C7B2
                                                      Function 05210007 Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 0521009E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Socket
                                                      • String ID:
                                                      • API String ID: 38366605-0
                                                      • Opcode ID: 3ee6df930c8e74e0d0613931c2c471fc63424473776d045b5f104ac060ff9c07
                                                      • Instruction ID: 873e678d33eb54e215fc0e1b13fdf4006a3a7ce38411a7d438ae6fc218a7c600
                                                      • Opcode Fuzzy Hash: 3ee6df930c8e74e0d0613931c2c471fc63424473776d045b5f104ac060ff9c07
                                                      • Instruction Fuzzy Hash: C131A271409780AFD722CF61DC44F56FFF4EF05214F08849AE9858B262D375A449CB71
                                                      Function 052124DD Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: select
                                                      • String ID:
                                                      • API String ID: 1274211008-0
                                                      • Opcode ID: ecd1a26705e585a50742a04227306ee7e7c59a63b38c8d003103b7b888899519
                                                      • Instruction ID: e138fde5aed8681f3d2c71ca0099360a837e4c54544b6bdfe6d2c642120823cf
                                                      • Opcode Fuzzy Hash: ecd1a26705e585a50742a04227306ee7e7c59a63b38c8d003103b7b888899519
                                                      • Instruction Fuzzy Hash: 15219175509384AFDB12CF25DC84B52BFF8FF06214F0984DAEC89CB162D220E809CB61
                                                      Function 00FEB9E0 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetFileType.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEBA75
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: FileType
                                                      • String ID:
                                                      • API String ID: 3081899298-0
                                                      • Opcode ID: 3a03adbf17503e83602346678ac5ddb724022de553c95b18ac99fb02cb7ec3b7
                                                      • Instruction ID: 8e568a537a1695b9b1038df718593d714a4a4055abbf6cea5aef0722d98e65b0
                                                      • Opcode Fuzzy Hash: 3a03adbf17503e83602346678ac5ddb724022de553c95b18ac99fb02cb7ec3b7
                                                      • Instruction Fuzzy Hash: 1C21F8B54097C06FE7128B21DC45BA2BFBCEF47724F0980D6ED848B2A3D2645909C771
                                                      Function 052128B5 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetExitCodeProcess.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 0521293C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CodeExitProcess
                                                      • String ID:
                                                      • API String ID: 3861947596-0
                                                      • Opcode ID: 01784b3a5c19bd687a134d4e6dfe42fd2e19db267b68778aeda234aeea2230f3
                                                      • Instruction ID: 86a4741a9c0ad847f74ca55a414029d84f4aac1743f1e665adf353663fc0274d
                                                      • Opcode Fuzzy Hash: 01784b3a5c19bd687a134d4e6dfe42fd2e19db267b68778aeda234aeea2230f3
                                                      • Instruction Fuzzy Hash: D321D3715093806FE712CB65DC85F96BFB8EF02324F0884DBE984DF2A2D264A909C771
                                                      Function 052106FE Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: FileView
                                                      • String ID:
                                                      • API String ID: 3314676101-0
                                                      • Opcode ID: 5d17123e56e289b892f335990865e6de3e844e608561f33ee998fd417c6b6b2e
                                                      • Instruction ID: 24ed2c457dca39cddefae615fb76a52ca5d2bf09660dcd886c062c86562fbc28
                                                      • Opcode Fuzzy Hash: 5d17123e56e289b892f335990865e6de3e844e608561f33ee998fd417c6b6b2e
                                                      • Instruction Fuzzy Hash: F421D371405380AFE722CF55DC48F96FFF8EF09224F04889EE9858B662D365A549CB71
                                                      Function 00FEA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegSetValueExW.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEA4F8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Value
                                                      • String ID:
                                                      • API String ID: 3702945584-0
                                                      • Opcode ID: 3f73e8d6d26e59d6d80145b9d2f7487c9a8cf372ed4ed1ade7af1f6805cc66f5
                                                      • Instruction ID: 306cc8bd11ecef4aa0e734644489bf074b621cf3daf1a81f0a34d2b917587db9
                                                      • Opcode Fuzzy Hash: 3f73e8d6d26e59d6d80145b9d2f7487c9a8cf372ed4ed1ade7af1f6805cc66f5
                                                      • Instruction Fuzzy Hash: 572192765047806FD722CF51DC44FA7BFB8EF46724F08849AE945CB6A2D264E809C772
                                                      Function 0521056E Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 052105DF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DescriptorSecurity$ConvertString
                                                      • String ID:
                                                      • API String ID: 3907675253-0
                                                      • Opcode ID: 664112445984ccb06575effd9e128e351f28debe5cf8f32410e331d87bf5c1aa
                                                      • Instruction ID: 4d817d0e3595e3107a8a3d20463740d65f40e5588798347d4cbe2d303407e74d
                                                      • Opcode Fuzzy Hash: 664112445984ccb06575effd9e128e351f28debe5cf8f32410e331d87bf5c1aa
                                                      • Instruction Fuzzy Hash: FF21F271500204AFEB20DF25DC45FABBBECEF04314F04846AED49DB651D360E449CA75
                                                      Function 052125AC Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05212632
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 2968f3eb73eb93aa2cf66618a1c21eb84d56d03348a9e2b28194ad7c20932969
                                                      • Instruction ID: e92d7c5c0665619aee78803b7914d6df43bec34eccb3c856e23badfe22029b53
                                                      • Opcode Fuzzy Hash: 2968f3eb73eb93aa2cf66618a1c21eb84d56d03348a9e2b28194ad7c20932969
                                                      • Instruction Fuzzy Hash: 6F21B2B65083C09FD7128B25DC54B53BFA8AF52214F0984DAEC48CF293E225E809C771
                                                      Function 00FEB90A Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 00FEB989
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: 61d2ddfd619600ecc44a8cdde528a17797fafcf887cf89ce4be2ffd764cbfd3c
                                                      • Instruction ID: 9b32261e9c8ebe513e1e3dde40cad5798116ed5bd547e18c2dbe55b26b084cf9
                                                      • Opcode Fuzzy Hash: 61d2ddfd619600ecc44a8cdde528a17797fafcf887cf89ce4be2ffd764cbfd3c
                                                      • Instruction Fuzzy Hash: C4219F71504240AFEB20CF66DC85FA6FBE8EF04324F04885AEA458B652D371E409DB71
                                                      Function 05210462 Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 052104F4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: f37305a952797f4837a555f0b0e477f66f9cb0333012eb6a34704b83a4256f17
                                                      • Instruction ID: 38db69024d268488dfe3853abb96af3818b3580a06953f8f8fd8d6eb27a2a54e
                                                      • Opcode Fuzzy Hash: f37305a952797f4837a555f0b0e477f66f9cb0333012eb6a34704b83a4256f17
                                                      • Instruction Fuzzy Hash: 4C21B072504740AFD721CF51CC48FA3FBF8EF05220F08849AE9498B2A2D364E548CB71
                                                      Function 00FEA7FA Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 00FEA879
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Open
                                                      • String ID:
                                                      • API String ID: 71445658-0
                                                      • Opcode ID: d0e2d52a5e1900772cc933ad9172206fc8a90a61257ad504704200dce7b33841
                                                      • Instruction ID: 5c06d46f608ed9116c134d44d14bcb12c425535f344e132eb972c8efb210da7f
                                                      • Opcode Fuzzy Hash: d0e2d52a5e1900772cc933ad9172206fc8a90a61257ad504704200dce7b33841
                                                      • Instruction Fuzzy Hash: 7221D1B2500204AEE7209F51DC84FABFBECEF14324F04845AE9458B651D324E50ECAB2
                                                      Function 05212A83 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetProcessWorkingSetSize.KERNEL32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05212AFF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ProcessSizeWorking
                                                      • String ID:
                                                      • API String ID: 3584180929-0
                                                      • Opcode ID: 5b076a87743d21587830399dd790e71a5e18ee578b9740c3a9d5387bdd4ba55b
                                                      • Instruction ID: 755a022de9e94ce9cdcff920e626147b5677ebeda4a777333e4e3e0783f73db5
                                                      • Opcode Fuzzy Hash: 5b076a87743d21587830399dd790e71a5e18ee578b9740c3a9d5387bdd4ba55b
                                                      • Instruction Fuzzy Hash: 3E21C2715043806FDB11CF61DC88FA7FFB8EF46224F08849AE945DB2A2D264A509CB75
                                                      Function 0521299F Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetProcessWorkingSetSize.KERNEL32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05212A1B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ProcessSizeWorking
                                                      • String ID:
                                                      • API String ID: 3584180929-0
                                                      • Opcode ID: 5b076a87743d21587830399dd790e71a5e18ee578b9740c3a9d5387bdd4ba55b
                                                      • Instruction ID: b68948101bdb5cc1b5fd5b1a9d6bc1b6136704333a4b4c9b9e3472dcef4701e2
                                                      • Opcode Fuzzy Hash: 5b076a87743d21587830399dd790e71a5e18ee578b9740c3a9d5387bdd4ba55b
                                                      • Instruction Fuzzy Hash: 6D21C2715043806FD721CF61DC48FA7BFB8EF45224F08849AE944DB2A2D364A509CBB5
                                                      Function 05210995 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • shutdown.WS2_32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05210A18
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: shutdown
                                                      • String ID:
                                                      • API String ID: 2510479042-0
                                                      • Opcode ID: 4b1193efbfde1c71587bdb00e316a2596406d4ff0f9829e87279bd05d807171a
                                                      • Instruction ID: 6b0ccb668b152c0bedcee325ff0b6c04bde9c4c3fe0f79551de49a1095bc31e0
                                                      • Opcode Fuzzy Hash: 4b1193efbfde1c71587bdb00e316a2596406d4ff0f9829e87279bd05d807171a
                                                      • Instruction Fuzzy Hash: E12195B1409380AFD712CB50DC44F96FFB8EF46224F0884DAE9849F262D368A549C771
                                                      Function 00FEA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CreateMutexW.KERNELBASE(?,?), ref: 00FEA6B9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CreateMutex
                                                      • String ID:
                                                      • API String ID: 1964310414-0
                                                      • Opcode ID: 26cbcef2abc4e52560e9332616d77b5365000f9cfbabe409d1b841ffdf3c955a
                                                      • Instruction ID: 8caed45587b313b342e4406b8bb2ecfd7109d7e3288f9fffa2d3ced2f1b77dda
                                                      • Opcode Fuzzy Hash: 26cbcef2abc4e52560e9332616d77b5365000f9cfbabe409d1b841ffdf3c955a
                                                      • Instruction Fuzzy Hash: DB217F75500240AFE710DF66DC85BA6FBE8EF05324F08886AE9488B651E775E809CA72
                                                      Function 00FEBCC2 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadFile.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEBD41
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 9629515c6e75a7aae10c656a91946d823c446c81760a704c3348dcfb8fdce5fa
                                                      • Instruction ID: d38296484002815694403e8a64e20e22edf69a7dcd3f39b61b4cb6822b6659f5
                                                      • Opcode Fuzzy Hash: 9629515c6e75a7aae10c656a91946d823c446c81760a704c3348dcfb8fdce5fa
                                                      • Instruction Fuzzy Hash: 3D21A171405780AFDB22CF51DC44F97FFB8EF45324F08849AE9449B262D324A509CBB1
                                                      Function 05212417 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ioctlsocket.WS2_32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05212493
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ioctlsocket
                                                      • String ID:
                                                      • API String ID: 3577187118-0
                                                      • Opcode ID: b5a9a70205bb222533c06ab6561b2f6c0ce8634c22b4e63d39c814d9284d0677
                                                      • Instruction ID: 2dd997719effea8a63f867349b109f494bdbaf1c68595287c6f6811b57a6e679
                                                      • Opcode Fuzzy Hash: b5a9a70205bb222533c06ab6561b2f6c0ce8634c22b4e63d39c814d9284d0677
                                                      • Instruction Fuzzy Hash: 3921A171409384AFD722CF51DC48FA7FFB8EF45214F08849AE9489B262D264A509C775
                                                      Function 00FEA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEA40C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: c3f742d979c2aef7a22ebdfae656e8df5003279a94428dd51c9bec8127112bbe
                                                      • Instruction ID: e3ab655b3a3d033ae4f0340dbbd4434fe5ba1a6a368943a63495514930f047ce
                                                      • Opcode Fuzzy Hash: c3f742d979c2aef7a22ebdfae656e8df5003279a94428dd51c9bec8127112bbe
                                                      • Instruction Fuzzy Hash: 82218E766006449FE720CF56CC84FA6F7ECEF04724F08845AE9458B6A1D360F809DA72
                                                      Function 05210F26 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05210FA2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Connect
                                                      • String ID:
                                                      • API String ID: 3144859779-0
                                                      • Opcode ID: c852b65d3fd23d577bb3876df8bbfb342f9dfb0ad554d5f537848478936205fd
                                                      • Instruction ID: a8fb98e185879bf62543fc34c5554b6e913f1019a6c3a6d264fa52a28e0f84c6
                                                      • Opcode Fuzzy Hash: c852b65d3fd23d577bb3876df8bbfb342f9dfb0ad554d5f537848478936205fd
                                                      • Instruction Fuzzy Hash: E1219271408384AFDB228F51DC44BA2FFF4EF06310F0984DAED898B162D335A559DB61
                                                      Function 05210032 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 0521009E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Socket
                                                      • String ID:
                                                      • API String ID: 38366605-0
                                                      • Opcode ID: ac8e97db839787ce94f6b99425546d1577f8a8fc251e1948f1d0674d38cadc0d
                                                      • Instruction ID: 6119f9ba446290520df4600c33c315179f174a6f4d436dd50e5a2f3e7e67ab17
                                                      • Opcode Fuzzy Hash: ac8e97db839787ce94f6b99425546d1577f8a8fc251e1948f1d0674d38cadc0d
                                                      • Instruction Fuzzy Hash: F121CF71400240AFEB21CF65DC85FA6FBE4EF04324F04885AED498A651E372A449CB75
                                                      Function 0521071E Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: FileView
                                                      • String ID:
                                                      • API String ID: 3314676101-0
                                                      • Opcode ID: a6306ad6983869a7d44a6c2b97cf0acbc19db33c3f8ac28d1f3d490bc46b36c3
                                                      • Instruction ID: 0f49800bc59c10aa66e3d5b1bd54f2b18e87a676800a55d6b57d7d42c363fe21
                                                      • Opcode Fuzzy Hash: a6306ad6983869a7d44a6c2b97cf0acbc19db33c3f8ac28d1f3d490bc46b36c3
                                                      • Instruction Fuzzy Hash: EA21F071400204AFE721CF55DC88FA6FBE8EF08324F04885EE9498B661E371E44ACBB5
                                                      Function 0521138A Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryA.KERNELBASE(?,00000E24), ref: 05211413
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: 748a95d3a2f5ba6eaeb3d769df542c9319005b459e727512c73d1e17ff7bd19a
                                                      • Instruction ID: ab538d3e12af2a689dc5d13b3e031c5f88f6ade818844b1e3200eb352f865a81
                                                      • Opcode Fuzzy Hash: 748a95d3a2f5ba6eaeb3d769df542c9319005b459e727512c73d1e17ff7bd19a
                                                      • Instruction Fuzzy Hash: F311E4710043806FE721CB11DC85FA3FFB8EF45724F08809AFD488B692D264A949CB76
                                                      Function 00FEA902 Relevance: 1.6, APIs: 1, Instructions: 66windowtimeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SendMessageTimeoutA.USER32(?,00000E24), ref: 00FEA97D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: MessageSendTimeout
                                                      • String ID:
                                                      • API String ID: 1599653421-0
                                                      • Opcode ID: 74d9e408b39ad66a9795e9e7c7b7746820e716a11e3a5bf349f540e6dec871c1
                                                      • Instruction ID: 2a18e1cb8961a2b2e1706e7a9a395467b4cdba5cdbf1ca1339dcc336759af56c
                                                      • Opcode Fuzzy Hash: 74d9e408b39ad66a9795e9e7c7b7746820e716a11e3a5bf349f540e6dec871c1
                                                      • Instruction Fuzzy Hash: 7621E472400640AFEB218F51DC40FA6FBB8EF04724F14845AEE459A6A1D371B409DB72
                                                      Function 05210482 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 052104F4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: 44343b410d2c732dd838cc9f27fdd7e0ec04958e79dfa2a375d2d2e19c6b6c19
                                                      • Instruction ID: 204c9cac8c60426ab049c3f0ffddbade6fd2342099a40b2bbdf8b8230dd360d5
                                                      • Opcode Fuzzy Hash: 44343b410d2c732dd838cc9f27fdd7e0ec04958e79dfa2a375d2d2e19c6b6c19
                                                      • Instruction Fuzzy Hash: B411AF72500600AFEB20CF55DC88FA7F7E8FF18724F08845AED498B661D364E549CAB5
                                                      Function 00FEA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegSetValueExW.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEA4F8
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Value
                                                      • String ID:
                                                      • API String ID: 3702945584-0
                                                      • Opcode ID: 086f462d451996d5f44ccbfddaacbd210defae1aa84d0a25875c73dfd769b83f
                                                      • Instruction ID: 8e9105587ce6f3e7ad38d5c29de0d34457f4a2966147a4335a26f058c811fbda
                                                      • Opcode Fuzzy Hash: 086f462d451996d5f44ccbfddaacbd210defae1aa84d0a25875c73dfd769b83f
                                                      • Instruction Fuzzy Hash: D7117F76500740AFEB21CF56DC85BA7BBE8EF44724F08845AED458A6A1D360E809DA72
                                                      Function 05210C8A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetProcessTimes.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05210CE9
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ProcessTimes
                                                      • String ID:
                                                      • API String ID: 1995159646-0
                                                      • Opcode ID: 84cba9e11d33a34939dfda36a998b4b032e061e30311e265d6a7e1853e967a76
                                                      • Instruction ID: 1a98558794a11bf67957f6e8e4c0b656712399bcff0d6e7605933f5773155bee
                                                      • Opcode Fuzzy Hash: 84cba9e11d33a34939dfda36a998b4b032e061e30311e265d6a7e1853e967a76
                                                      • Instruction Fuzzy Hash: 5911E676500600AFEB21CF55DC88FA7FBE8EF14324F04846AED498B665D370A449CBB5
                                                      Function 05212AA6 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetProcessWorkingSetSize.KERNEL32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05212AFF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ProcessSizeWorking
                                                      • String ID:
                                                      • API String ID: 3584180929-0
                                                      • Opcode ID: dcf34f7381e4668dafc10193531cb3f882236b0130ca3f8157b4a0445179c484
                                                      • Instruction ID: dc9aadff02640f78586d4c128caa2d1c04b026405367520e8e51b488e9ea2b27
                                                      • Opcode Fuzzy Hash: dcf34f7381e4668dafc10193531cb3f882236b0130ca3f8157b4a0445179c484
                                                      • Instruction Fuzzy Hash: 2211B275500241AFEB20CF55DC85BA7F7E8EF14324F08846AED098B661E774A509CBB5
                                                      Function 052129C2 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetProcessWorkingSetSize.KERNEL32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05212A1B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ProcessSizeWorking
                                                      • String ID:
                                                      • API String ID: 3584180929-0
                                                      • Opcode ID: dcf34f7381e4668dafc10193531cb3f882236b0130ca3f8157b4a0445179c484
                                                      • Instruction ID: 80e57577f00f8523cd1484246b8826c1c8a4efe9635a81e75d6ff4e48e9505b9
                                                      • Opcode Fuzzy Hash: dcf34f7381e4668dafc10193531cb3f882236b0130ca3f8157b4a0445179c484
                                                      • Instruction Fuzzy Hash: 8F11EF76500200AFEB20CF55DC84BA7BBE8EF04724F08846AED098B661E370A509CBB5
                                                      Function 00FEB357 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 00FEB3DA
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DisplayNameParse
                                                      • String ID:
                                                      • API String ID: 3580041360-0
                                                      • Opcode ID: 2d4fd8e5edea75c7994f8a3bc96210b6c725a5a369bbfabc3c477d9a45a6a1b6
                                                      • Instruction ID: 2f0e04595bd5ec2cb501d57a93f7041422aa09fa10d33dcc861941e5a93f0b37
                                                      • Opcode Fuzzy Hash: 2d4fd8e5edea75c7994f8a3bc96210b6c725a5a369bbfabc3c477d9a45a6a1b6
                                                      • Instruction Fuzzy Hash: 8F113B71504780BFD311CF15DC41F72BFB8EF86A20F09809AEC484BA42D224B919CBB1
                                                      Function 052128E6 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetExitCodeProcess.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 0521293C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CodeExitProcess
                                                      • String ID:
                                                      • API String ID: 3861947596-0
                                                      • Opcode ID: 6e875c7cca6dfd1b9a8417cdfd7401e2096b3f1713317614498777ebc478ca6d
                                                      • Instruction ID: c6ef31eafef9f62b53fe6366ab78aa12ec15a02b7fb8a29ada67c176fe4e890f
                                                      • Opcode Fuzzy Hash: 6e875c7cca6dfd1b9a8417cdfd7401e2096b3f1713317614498777ebc478ca6d
                                                      • Instruction Fuzzy Hash: C111C175500201AFEB10CF55DC85BA7B7E8EF04224F1884AAED49DF6A1E674A409CAB5
                                                      Function 00FEAF93 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00FEAFFE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 8b3d1f96faeef111cf74b55905752b6fada2da8ef9a63da84105d988fd3a78ba
                                                      • Instruction ID: 7ac16751d70c77948af9ec00a354102f88b9d9372fe72dba5f50a40635135eb7
                                                      • Opcode Fuzzy Hash: 8b3d1f96faeef111cf74b55905752b6fada2da8ef9a63da84105d988fd3a78ba
                                                      • Instruction Fuzzy Hash: D811A271409380AFDB228F51DC44B63FFF4EF4A320F0888DAEE858B162D235A419DB61
                                                      Function 052103BE Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 0521043A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ComputerName
                                                      • String ID:
                                                      • API String ID: 3545744682-0
                                                      • Opcode ID: 807d27cc2b17d21396623852e2a93156d43114e246c401c4ed740350c55901fd
                                                      • Instruction ID: e04437df882939ee80d51bfc046298bd3d733d235a2ca86b3935e5a3a6671946
                                                      • Opcode Fuzzy Hash: 807d27cc2b17d21396623852e2a93156d43114e246c401c4ed740350c55901fd
                                                      • Instruction Fuzzy Hash: 6411C471504340BFD3118B15DC45F76BFB8EBC6A20F05819AEC489B692D325B915CBB2
                                                      Function 00FEBCE2 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadFile.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEBD41
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: eeda4c39a20b616a0ca76f426c4906a1908a81258755f7ede17c436b804139f1
                                                      • Instruction ID: 0e8698fa23887307707153be3e2c49ef603c0d3ad24a3092a89a34d991895da5
                                                      • Opcode Fuzzy Hash: eeda4c39a20b616a0ca76f426c4906a1908a81258755f7ede17c436b804139f1
                                                      • Instruction Fuzzy Hash: 7911E072400640AFEB21CF51DC84FA7FBE8EF04724F08885AEE499B661D374A409DBB1
                                                      Function 052112D5 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CoGetObjectContext.COMBASE(?,?), ref: 05211347
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ContextObject
                                                      • String ID:
                                                      • API String ID: 3343934925-0
                                                      • Opcode ID: 9cac3700f42e696c07f1ef76bee736b9438ac819f73966da4980141d317e8295
                                                      • Instruction ID: 45476e6df5237cb6f864c1daf9b32af096237a836d82b98775f8695d9cbc2be1
                                                      • Opcode Fuzzy Hash: 9cac3700f42e696c07f1ef76bee736b9438ac819f73966da4980141d317e8295
                                                      • Instruction Fuzzy Hash: EA117F754083809FD7128F25CD49B52BFB4EF46220F0984DAD9844F262D265A909DB62
                                                      Function 0521243A Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ioctlsocket.WS2_32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05212493
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ioctlsocket
                                                      • String ID:
                                                      • API String ID: 3577187118-0
                                                      • Opcode ID: 561fd8af5cef771b50d9ebf6d4db6475831ab24da7ff1fe8f819ea2e97f616ad
                                                      • Instruction ID: 5a2c381160fb83cd7e8dfcba48172ae1683b0822519fe4b206fbc8f39cf1ebfd
                                                      • Opcode Fuzzy Hash: 561fd8af5cef771b50d9ebf6d4db6475831ab24da7ff1fe8f819ea2e97f616ad
                                                      • Instruction Fuzzy Hash: 4A11E075400204AFEB20CF55DC84FA7FBE8EF14324F08846AEE489B661D374A409CBB5
                                                      Function 052109C2 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • shutdown.WS2_32(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 05210A18
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: shutdown
                                                      • String ID:
                                                      • API String ID: 2510479042-0
                                                      • Opcode ID: 663083e3f536dcb0011f69864b2f92c46f931b0543fb5c835fe53184d2b5175b
                                                      • Instruction ID: aef210f1c4cf4e383a08aa75b650591cda8ea44d61aaea9f848cbd2bd3ce6b74
                                                      • Opcode Fuzzy Hash: 663083e3f536dcb0011f69864b2f92c46f931b0543fb5c835fe53184d2b5175b
                                                      • Instruction Fuzzy Hash: E211E371400200AFEB10CF50DC88BA7B7E8EF04324F04846AEE089F251E274A449CBB5
                                                      Function 00FEABC1 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: closesocket
                                                      • String ID:
                                                      • API String ID: 2781271927-0
                                                      • Opcode ID: 08410793ba2d6003ea30fbc70bbcc8c33c9787e5af28e2a1c6c48fd65d28acbe
                                                      • Instruction ID: 2f0598e7c4eae288d573470b6f7b771af52143e63af591591651ffd5310b4760
                                                      • Opcode Fuzzy Hash: 08410793ba2d6003ea30fbc70bbcc8c33c9787e5af28e2a1c6c48fd65d28acbe
                                                      • Instruction Fuzzy Hash: 521160714093C05FDB128B25DC45B92BFB4EF47224F0984DAED848F263D275A949DB62
                                                      Function 052113AA Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryA.KERNELBASE(?,00000E24), ref: 05211413
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad
                                                      • String ID:
                                                      • API String ID: 1029625771-0
                                                      • Opcode ID: ff3453a0cd6ee94b7833e02afcc50825839d309f8b12e940fbf5902ae37e9277
                                                      • Instruction ID: 8b3ed2d70e1e8eb10c0e697e11d42af586a242f19cb4a8f39f876c5c1e2a3708
                                                      • Opcode Fuzzy Hash: ff3453a0cd6ee94b7833e02afcc50825839d309f8b12e940fbf5902ae37e9277
                                                      • Instruction Fuzzy Hash: FB11E171510200AEE720CB15DC85FF7FBE8EF04B24F14809AEE488B791D3B4A559CAB6
                                                      Function 00FEA2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(?), ref: 00FEA330
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: 9fbd8ba7e7224559444bcf1970804383f09a81e9956d69da197abe202be0460a
                                                      • Instruction ID: 9d9d8c49634038b4f4a22f1f282e80bb007852fc7e26b98b892f751cb3a3a98a
                                                      • Opcode Fuzzy Hash: 9fbd8ba7e7224559444bcf1970804383f09a81e9956d69da197abe202be0460a
                                                      • Instruction Fuzzy Hash: 28118F718093C06FDB128B25DC547A2BFB4DF47624F0980CBED848B263D2656808D772
                                                      Function 05212516 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: select
                                                      • String ID:
                                                      • API String ID: 1274211008-0
                                                      • Opcode ID: 92e4011787b42cce0fa699a4e69dfefa60921a0ed6cc857bfbbc8ccf9c9ccfaf
                                                      • Instruction ID: 6f1035b43d24c801f963804fad30a48fdcd681ada5eef23f0904e6bd594f4291
                                                      • Opcode Fuzzy Hash: 92e4011787b42cce0fa699a4e69dfefa60921a0ed6cc857bfbbc8ccf9c9ccfaf
                                                      • Instruction Fuzzy Hash: 1C115B79510245EFDB20CF16D888FA2FBE9EF14610F0884AAED49CB261D370E449CB71
                                                      Function 00FEA078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: send
                                                      • String ID:
                                                      • API String ID: 2809346765-0
                                                      • Opcode ID: 3e9191985d2669c89cddf15c8fedaf06306fe416b6a20825ba880c906ec4ed21
                                                      • Instruction ID: 8482450471de3417ecc9e050810e0940588ec3268bc7b91f6fa1a22bafbb2d89
                                                      • Opcode Fuzzy Hash: 3e9191985d2669c89cddf15c8fedaf06306fe416b6a20825ba880c906ec4ed21
                                                      • Instruction Fuzzy Hash: 0E118275409380AFDB22CF15DC44B52FFB4EF46324F09849AED848F562D275A818DB62
                                                      Function 052125EA Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05212632
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: 1a46b5b03741a8224cac14c55438bed44a79097f58f9721289e1d79582e2d493
                                                      • Instruction ID: 33a85f674eb8cbb32387d0e13e5c1b5f811ea81107680191e311d391c7286360
                                                      • Opcode Fuzzy Hash: 1a46b5b03741a8224cac14c55438bed44a79097f58f9721289e1d79582e2d493
                                                      • Instruction Fuzzy Hash: 19118275614281DFDB50CF26DC85B57FBE8EF14620F0884AAEC49DB792D670E404CA71
                                                      Function 00FEBA22 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetFileType.KERNELBASE(?,00000E24,1B9AC135,00000000,00000000,00000000,00000000), ref: 00FEBA75
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: FileType
                                                      • String ID:
                                                      • API String ID: 3081899298-0
                                                      • Opcode ID: e622ae206244ad273e99399e5d383339de9b042d06b5458a1f9dd31a9ff12ad6
                                                      • Instruction ID: 0e9fdd68d810eb719555801bd29699302af1fa3f652d61026029e5765ac2faf4
                                                      • Opcode Fuzzy Hash: e622ae206244ad273e99399e5d383339de9b042d06b5458a1f9dd31a9ff12ad6
                                                      • Instruction Fuzzy Hash: CB01D675500640AEEB20CF56DC84BA7F7A8DF44B24F18C0AAED048B761D378A909CAB1
                                                      Function 05210F56 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05210FA2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: Connect
                                                      • String ID:
                                                      • API String ID: 3144859779-0
                                                      • Opcode ID: 350bf779f08416298a8f35a4110980772260a7283586009c39c61e5b289612b6
                                                      • Instruction ID: 450e3ce692bf16ad8cde38b846883713a96c36228f316f8d39595b7de9578aea
                                                      • Opcode Fuzzy Hash: 350bf779f08416298a8f35a4110980772260a7283586009c39c61e5b289612b6
                                                      • Instruction Fuzzy Hash: CD117C355002449FDB20CF55D889BA2FBE4FF18320F0888AAED498B662D771E558DF62
                                                      Function 0521111E Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 0521116E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: InformationVolume
                                                      • String ID:
                                                      • API String ID: 2039140958-0
                                                      • Opcode ID: a1a534fd6b1d8f3e7d8ceb5e108478c044f1873a3506d4cfb1d7e731dbbbd43c
                                                      • Instruction ID: d0c3d167bd07a25b6122ccda73368935dd32961506468d45a74cb5ca2c25e1f0
                                                      • Opcode Fuzzy Hash: a1a534fd6b1d8f3e7d8ceb5e108478c044f1873a3506d4cfb1d7e731dbbbd43c
                                                      • Instruction Fuzzy Hash: D501B171500600AFD350DF16DC46B66FBE8EB88B20F14812AEC089B741D735B916CBE1
                                                      Function 00FEAFBA Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00FEAFFE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: 00f985792befafbdf7ef97efabe248d5cd9145d063755be1fd4f5275a989c958
                                                      • Instruction ID: fca99903ac769942d727ef5674b1452b3401d86a8016b1bbebb05b36c6d86e16
                                                      • Opcode Fuzzy Hash: 00f985792befafbdf7ef97efabe248d5cd9145d063755be1fd4f5275a989c958
                                                      • Instruction Fuzzy Hash: DE0161324007809FDB218F55DC84B53FBE0EF48725F08C89ADE494A661D375E419EF62
                                                      Function 05212EA2 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegEnumValueW.KERNELBASE(?,00000E24,?,?), ref: 05212EF2
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: EnumValue
                                                      • String ID:
                                                      • API String ID: 2814608202-0
                                                      • Opcode ID: 372bf262f4ebbb572ae4879d9cb673db4525835b261aec2f81837b536a486769
                                                      • Instruction ID: c2446286a55840d24d17822f924825a7ea151eda610e1bf9270a8d7b6af7d88c
                                                      • Opcode Fuzzy Hash: 372bf262f4ebbb572ae4879d9cb673db4525835b261aec2f81837b536a486769
                                                      • Instruction Fuzzy Hash: A801A271600600ABD250DF1ADC46B66FBE8FB88B24F14811AEC089BB41D735F916CBE5
                                                      Function 052103EA Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 0521043A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ComputerName
                                                      • String ID:
                                                      • API String ID: 3545744682-0
                                                      • Opcode ID: 388be53124d9f19073338c1b932c91b7896d5669b226602f646bf336b9cf2112
                                                      • Instruction ID: 833d130701372c7953446e769427eaabd8aac0aba0bec8cf22c897cdd2499d62
                                                      • Opcode Fuzzy Hash: 388be53124d9f19073338c1b932c91b7896d5669b226602f646bf336b9cf2112
                                                      • Instruction Fuzzy Hash: 5501A271600600ABD250DF1ADC46B66FBE8FB88A24F14815AEC089BB41D735F916CBE5
                                                      Function 00FEBEAE Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 00FEBEFE
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: QueryValue
                                                      • String ID:
                                                      • API String ID: 3660427363-0
                                                      • Opcode ID: 2f0237da85c51c4ca55e6670c054444956161bedcd854a73fde3da052ae417e0
                                                      • Instruction ID: 72f5d562948f9406cdd1b54cb8c2f548945124700b8e48f39aa59915140ad702
                                                      • Opcode Fuzzy Hash: 2f0237da85c51c4ca55e6670c054444956161bedcd854a73fde3da052ae417e0
                                                      • Instruction Fuzzy Hash: 8C01A271600600ABD250DF1ADC46B66FBE8FB88B24F14811AEC089BB41D775F916CBE5
                                                      Function 00FEB38A Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • MkParseDisplayName.OLE32(?,00000E24,?,?), ref: 00FEB3DA
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DisplayNameParse
                                                      • String ID:
                                                      • API String ID: 3580041360-0
                                                      • Opcode ID: 469a5910520c8c2886b749c43db75212cf8e48acdd14e82354bfb21969c1aea8
                                                      • Instruction ID: d7777b8b20e44bc076ec2e082ed882c3b738a01714be8762d0400c8526a62bda
                                                      • Opcode Fuzzy Hash: 469a5910520c8c2886b749c43db75212cf8e48acdd14e82354bfb21969c1aea8
                                                      • Instruction Fuzzy Hash: 5201A271600600ABD250DF1ADC46B66FBE8FB88B24F14811AEC089BB41D735F916CBE5
                                                      Function 00FEA09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: send
                                                      • String ID:
                                                      • API String ID: 2809346765-0
                                                      • Opcode ID: 51acd363f6acdb8a3561e8451225bd375fcf0cfb8fd8030ac7946ec1ae799ecf
                                                      • Instruction ID: aabab663bed4f0e03e891fe64a85a834114e427ef39025a596f00a6afc585789
                                                      • Opcode Fuzzy Hash: 51acd363f6acdb8a3561e8451225bd375fcf0cfb8fd8030ac7946ec1ae799ecf
                                                      • Instruction Fuzzy Hash: CA019E368042809FDB60CF56DC84B52FBE0EF04325F08C4AADE498B652D375A418DF72
                                                      Function 00FEABEE Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: closesocket
                                                      • String ID:
                                                      • API String ID: 2781271927-0
                                                      • Opcode ID: e4e8a11fee2fa6123872f337b2ae3c838630c325dd31719198d342c5f9538009
                                                      • Instruction ID: 42ab49344fdcaeeddf6903ba1b6855885bab5f96e9072ebf1aa03229a20cefc8
                                                      • Opcode Fuzzy Hash: e4e8a11fee2fa6123872f337b2ae3c838630c325dd31719198d342c5f9538009
                                                      • Instruction Fuzzy Hash: 4B01AD719042809FDB10CF1AD888BA6FBE4EF04325F18C4AADD488F352D275E448DAA2
                                                      Function 05211312 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CoGetObjectContext.COMBASE(?,?), ref: 05211347
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660207912.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_5210000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ContextObject
                                                      • String ID:
                                                      • API String ID: 3343934925-0
                                                      • Opcode ID: 926c9a502e10b6a78aa76fbc753e3da4ac86f69a511a3722638c263f9edd821d
                                                      • Instruction ID: 958cd3511321f647046af0aa90be75ecce92f912b971d9dcf34baf8fc5b587c9
                                                      • Opcode Fuzzy Hash: 926c9a502e10b6a78aa76fbc753e3da4ac86f69a511a3722638c263f9edd821d
                                                      • Instruction Fuzzy Hash: F0F0DC359102409FDB20CF06D889B62FBE0EF04725F08C09ADE084BB66D3B5A419CAA2
                                                      Function 00FEA2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetErrorMode.KERNELBASE(?), ref: 00FEA330
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: ErrorMode
                                                      • String ID:
                                                      • API String ID: 2340568224-0
                                                      • Opcode ID: 665fe35da7abdb000b474e50d800373681a758982b9dde40d98161894efe1fc5
                                                      • Instruction ID: 377d848cf6bfe10bfdb73c0e4a35352254b85cd13683a18e4ffbc9c6e7bc90a9
                                                      • Opcode Fuzzy Hash: 665fe35da7abdb000b474e50d800373681a758982b9dde40d98161894efe1fc5
                                                      • Instruction Fuzzy Hash: 05F0AF35904280CFDB108F0AD888762FBE0EF45725F08C09ADD494F752D376A808DAB2
                                                      Function 050C125B Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 050C128F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660020859.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_50c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: d01b2904bcd07c7673f29f45e29ed6164d8858f332f2d7e27f0cb969ef1f2d25
                                                      • Instruction ID: ea2fe0b6c7548f292025217f60e907ce8819c23978de7b11920b96bbb9a9c5f3
                                                      • Opcode Fuzzy Hash: d01b2904bcd07c7673f29f45e29ed6164d8858f332f2d7e27f0cb969ef1f2d25
                                                      • Instruction Fuzzy Hash: 82F09674D042458FCF50DF79D8459AFBFF2BF89240710466ED406D3295EB749505CBA0
                                                      Function 050C1268 Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • KiUserExceptionDispatcher.NTDLL ref: 050C128F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660020859.00000000050C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_50c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID: DispatcherExceptionUser
                                                      • String ID:
                                                      • API String ID: 6842923-0
                                                      • Opcode ID: 777f5f5a7d3a33e9537832b48f7496531fed8aee26dd445d90b9180354e242b4
                                                      • Instruction ID: f20c275b561e9e0553566a9a54732432c779842213b49229d4797b2a4c1b9042
                                                      • Opcode Fuzzy Hash: 777f5f5a7d3a33e9537832b48f7496531fed8aee26dd445d90b9180354e242b4
                                                      • Instruction Fuzzy Hash: 13F01270D042099F8B44EF7AD84559EBFF6AF89240B10852AD409E3315EB349911CBA0
                                                      Function 00FEA710 Relevance: 1.3, APIs: 1, Instructions: 67COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CloseHandle.KERNELBASE(?), ref: 00FEA780
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID:
                                                      • API String ID: 2962429428-0
                                                      • Opcode ID: 6767227081fb127f5fb59ce61ba4123354d521075b51b5ce3ca22bb1bf823fe1
                                                      • Instruction ID: f3181a6e9e0bcd8d03a8467b3f1b81ae2c319eff23403a124695184b99b7dd23
                                                      • Opcode Fuzzy Hash: 6767227081fb127f5fb59ce61ba4123354d521075b51b5ce3ca22bb1bf823fe1
                                                      • Instruction Fuzzy Hash: 4221D5B55043809FDB11CF25DD85752BFB4EF02324F0984EADC848B653D235A909DB62
                                                      Function 00FEA74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • CloseHandle.KERNELBASE(?), ref: 00FEA780
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658402771.0000000000FEA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FEA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fea000_enai2.jbxd
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID:
                                                      • API String ID: 2962429428-0
                                                      • Opcode ID: 9f156cf8a7bde5a99d187938fb073742bd0f98b6a7215fa1757d3c2b78d25230
                                                      • Instruction ID: 33425f06ae8052010d9af93d4514fba27c159b736d1917549a590765212ee4c9
                                                      • Opcode Fuzzy Hash: 9f156cf8a7bde5a99d187938fb073742bd0f98b6a7215fa1757d3c2b78d25230
                                                      • Instruction Fuzzy Hash: C701DF759002808FDB10CF26DC897A6FBE4DF04325F08C4ABDC498F752D274E808DAA2
                                                      Function 056C1E30 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660408754.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_56c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f0d63adf617341f74961005a141a1777d3554cedcef585bd1c14ac054f2ccb8e
                                                      • Instruction ID: 5e5c49c1592795d3decffd1c27a665e9dee5a4ba17d77f6224e05ddd93fc283d
                                                      • Opcode Fuzzy Hash: f0d63adf617341f74961005a141a1777d3554cedcef585bd1c14ac054f2ccb8e
                                                      • Instruction Fuzzy Hash: E611BDB5508341AFD340CF19D840A5BFBE4FB89664F04895EF998D7311D231E9088FA2
                                                      Function 013B0814 Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658908420.00000000013B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_13b0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 367d3acb4d7f6b7a7ee3ac8957b6758ac7c5e42c1e699db25ae2cca82f8209cf
                                                      • Instruction ID: d7798c9904eb959a9b8f175e6afcd970b96331eb25cf5d77c42a25d3c7872d2f
                                                      • Opcode Fuzzy Hash: 367d3acb4d7f6b7a7ee3ac8957b6758ac7c5e42c1e699db25ae2cca82f8209cf
                                                      • Instruction Fuzzy Hash: 721102306042449FD719CB14C480B53BBA5AB8870CF24C9ACEA499BB53D37BD902CA81
                                                      Function 013B07DE Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658908420.00000000013B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_13b0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 608ed2ced7b671e271c6ca8add279be07778e1449e6befee092b594d4a525ca2
                                                      • Instruction ID: ad4bd4610b283c2a23124ceff99164459222d16ee02484abf21f1641a2877725
                                                      • Opcode Fuzzy Hash: 608ed2ced7b671e271c6ca8add279be07778e1449e6befee092b594d4a525ca2
                                                      • Instruction Fuzzy Hash: 62216F3550D3C09FC717CB20C990B51BFB1AF47218F1985DED4899BAA3D33A990ACB52
                                                      Function 00FFAFBC Relevance: .1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658440701.0000000000FFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_ffa000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30bf6bf09411a4a4a09cc900130d3ab7034db64b5fdd413596fbe9cf89137e53
                                                      • Instruction ID: 9cb40fd8300050066cd428861faa99643b4b1a44dd5aee0fe97f03748ee174dc
                                                      • Opcode Fuzzy Hash: 30bf6bf09411a4a4a09cc900130d3ab7034db64b5fdd413596fbe9cf89137e53
                                                      • Instruction Fuzzy Hash: D011FEB5608301AFD350CF09DC44E57FBE8EB89660F04891EF95897311D231E9088FA2
                                                      Function 056C1CD4 Relevance: .1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660408754.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_56c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0fbea5a35026f2d5f346d1203b30636df0806d4855a631eb007ca58f92a84720
                                                      • Instruction ID: 16bbd7fd681fc3fb365750db0af6ea0d6807e5ed940481083dd71e2a47734745
                                                      • Opcode Fuzzy Hash: 0fbea5a35026f2d5f346d1203b30636df0806d4855a631eb007ca58f92a84720
                                                      • Instruction Fuzzy Hash: 6211FEB5608301AFD750CF09DC84E57FBE8EB88660F04891EF95997311D231E9088FA2
                                                      Function 013B05DF Relevance: .0, Instructions: 44COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658908420.00000000013B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_13b0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bc3a341e408b6aec42886bf20476072f42cc62213b239ed06d2fca15e39b12f2
                                                      • Instruction ID: 4a6fc62c404f6ad0072d17b144713233a8a76ade69a062764a3f977a50e1b1cf
                                                      • Opcode Fuzzy Hash: bc3a341e408b6aec42886bf20476072f42cc62213b239ed06d2fca15e39b12f2
                                                      • Instruction Fuzzy Hash: C70186B65097806FD7118F16AC45863FFF8DF86620709C49FEC498B752D225A909CBB2
                                                      Function 013B08D0 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658908420.00000000013B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_13b0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 283714cfe41929ed12b715864eb7c66c14cde9648cc8af888f9cc9ae7122e2c6
                                                      • Instruction ID: 0ab9da6e1d395b72eac4ed7d97f66d6b2664a71d76bcc3b8bb58349bfa5b48ae
                                                      • Opcode Fuzzy Hash: 283714cfe41929ed12b715864eb7c66c14cde9648cc8af888f9cc9ae7122e2c6
                                                      • Instruction Fuzzy Hash: 67F06935108644DFC706CF00C980B16FBA2EB88718F24CAADE9481BB62C337E913DA81
                                                      Function 013B0606 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658908420.00000000013B0000.00000040.00000020.00020000.00000000.sdmp, Offset: 013B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_13b0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a13ed3fd1c57f13db24fa6142d8a0f6e920a425f1ae79a3dd4186a08bd52af4e
                                                      • Instruction ID: 777fac9344de74dca52fbff2383821a75b37567419d64afdc683d8814e2a0416
                                                      • Opcode Fuzzy Hash: a13ed3fd1c57f13db24fa6142d8a0f6e920a425f1ae79a3dd4186a08bd52af4e
                                                      • Instruction Fuzzy Hash: FCE092B66006404B9650CF0AEC85492F7E8EB84630B08C07FDC0D8B711E235B509CAB5
                                                      Function 00FFB00B Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658440701.0000000000FFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FFA000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_ffa000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9ebd06d257565c77f462779f8eda309318dfbeb6efb4b65c28aaf63436492a79
                                                      • Instruction ID: d50a6275d8055740881cc17584ab31c7ad3280c01e00a3b08fb008af48e18287
                                                      • Opcode Fuzzy Hash: 9ebd06d257565c77f462779f8eda309318dfbeb6efb4b65c28aaf63436492a79
                                                      • Instruction Fuzzy Hash: DCE0D8B264020467D2508F06AC45F52FB98DB51A31F04C55BED085B702E171B50489F1
                                                      Function 056C1747 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660408754.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_56c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 05fa98166f35bafbb102450abb95a2e4ec64195ca45a253b11e7cd9ee979cd9b
                                                      • Instruction ID: e707d7197f2c09f4dae6ea354110bf9a0b31d0069e8139f2e6e9db472d457ba9
                                                      • Opcode Fuzzy Hash: 05fa98166f35bafbb102450abb95a2e4ec64195ca45a253b11e7cd9ee979cd9b
                                                      • Instruction Fuzzy Hash: 12E0D8B260020067D2509F06AC49F53FB98DB80A30F04C45BED0C1B701E172B514C9F1
                                                      Function 056C1D23 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660408754.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_56c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d255b0ae0b8027475dca68597f51d60a87f6e2746ce75210a4327406fcfd3bfc
                                                      • Instruction ID: 31dca8730dd0b7692c80392311080fe21bfe7d2ef5054474d781be478b93b747
                                                      • Opcode Fuzzy Hash: d255b0ae0b8027475dca68597f51d60a87f6e2746ce75210a4327406fcfd3bfc
                                                      • Instruction Fuzzy Hash: E5E0D8F260020467D6509F06AC45F53FB98DB40A30F04C45BED0D1B702E172B51889F1
                                                      Function 056C1E9B Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4660408754.00000000056C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_56c0000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d4830ffbfe9d39db22e8412366ed52092ae95b233a1aacdf004fc0dc3794394
                                                      • Instruction ID: a2d4d70c45259544fa5294b8d86433d6d54efc0b3bd3f539157ee5a31ea6d6d9
                                                      • Opcode Fuzzy Hash: 1d4830ffbfe9d39db22e8412366ed52092ae95b233a1aacdf004fc0dc3794394
                                                      • Instruction Fuzzy Hash: 73E0D8B264020467D7508F06AC45F52FB98DB94A31F04C46BED081B742E171B5188AF1
                                                      Function 00FE23F4 Relevance: .0, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658390440.0000000000FE2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE2000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fe2000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8c1aca928eba71664b8b99ebce539ba80aff31dbd3c4f1861e97af50ba0a7c04
                                                      • Instruction ID: 169d75e01fb57fe68cc746b89c7307b3a78e0fee26f081a9f1536340e4477a31
                                                      • Opcode Fuzzy Hash: 8c1aca928eba71664b8b99ebce539ba80aff31dbd3c4f1861e97af50ba0a7c04
                                                      • Instruction Fuzzy Hash: D6D05E796056C14FD316DB1DC1A4B9537D8AB51724F4A44FAA8008BBB3C768E981E650
                                                      Function 00FE23BC Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.4658390440.0000000000FE2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FE2000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_fe2000_enai2.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0391d12ed6c316d621c3793ce6792a659d92aa482d37a436c9ab60be4ac36678
                                                      • Instruction ID: f951f5f26579cffa52f7cfede06d6f4d3c8c3721884ed5e822e0283c25cc6a4e
                                                      • Opcode Fuzzy Hash: 0391d12ed6c316d621c3793ce6792a659d92aa482d37a436c9ab60be4ac36678
                                                      • Instruction Fuzzy Hash: 70D05E346002C14FC715DB0DC6D4F5977D8AB40725F1A44E8AC108B762C7A8E8C0DE00