Windows Analysis Report
a1K847qsM0.exe

Overview

General Information

Sample name:a1K847qsM0.exe
renamed because original name is a hash value
Original sample name:55e2016fcb659bdf0f46a24ef2876609.exe
Analysis ID:1580216
MD5:55e2016fcb659bdf0f46a24ef2876609
SHA1:5afb69f26ddf1884372643a2b00d16a481fc7c26
SHA256:3825fe6fd9e8754b3d4a374b8c73884647c6898d5e1220a0fe89b1a3dc8e35c4
Tags:exe, njrat, RAT, user-abuse_ch
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Njrat
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to disable the Task Manager (.Net Source)
Contains functionality to spread to USB devices (.Net source)
Disables zone checking for all users
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SLDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • a1K847qsM0.exe (PID: 1276 cmdline: "C:\Users\user\Desktop\a1K847qsM0.exe" MD5: 55E2016FCB659BDF0F46A24EF2876609)
    • server.exe (PID: 384 cmdline: "C:\Users\user\AppData\Local\Temp\server.exe" MD5: 55E2016FCB659BDF0F46A24EF2876609)
      • netsh.exe (PID: 5040 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 6396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 904 cmdline: netsh firewall delete allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • netsh.exe (PID: 7064 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 1576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Explower.exe (PID: 6568 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe" MD5: 55E2016FCB659BDF0F46A24EF2876609)
  • Microsoft Corporation.exe (PID: 3116 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe" MD5: 55E2016FCB659BDF0F46A24EF2876609)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat
{"Campaign ID": "Owned", "Version": "0.7d", "Install Name": "24983f03fb74576bbc5af6aa1085b23d", "Install Dir": "system", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Network Seprator": "|'|'|"}
Source | Rule | Description | Author | Strings
a1K847qsM0.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
    a1K847qsM0.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
    • 0x115d2:$a1: get_Registry
    • 0x15a37:$a2: SEE_MASK_NOZONECHECKS
    • 0x156d9:$a3: Download ERROR
    • 0x15c89:$a4: cmd.exe /c ping 0 -n 2 & del "
    • 0x13c16:$a5: netsh firewall delete allowedprogram "
    a1K847qsM0.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
    • 0x15c89:$x1: cmd.exe /c ping 0 -n 2 & del "
    • 0x137a2:$s1: winmgmts:\\.\root\SecurityCenter2
    • 0x156f7:$s3: Executed As
    • 0x124f0:$s5: Stub.exe
    • 0x156d9:$s6: Download ERROR
    • 0x13764:$s8: Select * From AntiVirusProduct
    a1K847qsM0.exe | crimeware_njrat_strings | Detects njRAT based on some strings | Sekoia.io
    • 0x1547b:$: set cdaudio door closed
    • 0x1543f:$: set cdaudio door open
    • 0x15c9f:$: ping 0
    • 0x13412:$: [endof]
    • 0x132cc:$: TiGeR-Firewall
    • 0x132fa:$: NetSnifferCs
    • 0x132b8:$: IPBlocker
    • 0x13314:$: Sandboxie Control
    a1K847qsM0.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
    • 0x15a37:$reg: SEE_MASK_NOZONECHECKS
    • 0x156bd:$msg: Execute ERROR
    • 0x15711:$msg: Execute ERROR
    • 0x15c89:$ping: cmd.exe /c ping 0 -n 2 & del
    Source | Rule | Description | Author | Strings
    C:\Program Files (x86)\Explower.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
      C:\Program Files (x86)\Explower.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
      • 0x115d2:$a1: get_Registry
      • 0x15a37:$a2: SEE_MASK_NOZONECHECKS
      • 0x156d9:$a3: Download ERROR
      • 0x15c89:$a4: cmd.exe /c ping 0 -n 2 & del "
      • 0x13c16:$a5: netsh firewall delete allowedprogram "
      C:\Program Files (x86)\Explower.exe | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
      • 0x15c89:$x1: cmd.exe /c ping 0 -n 2 & del "
      • 0x137a2:$s1: winmgmts:\\.\root\SecurityCenter2
      • 0x156f7:$s3: Executed As
      • 0x124f0:$s5: Stub.exe
      • 0x156d9:$s6: Download ERROR
      • 0x13764:$s8: Select * From AntiVirusProduct
      C:\Program Files (x86)\Explower.exe | crimeware_njrat_strings | Detects njRAT based on some strings | Sekoia.io
      • 0x1547b:$: set cdaudio door closed
      • 0x1543f:$: set cdaudio door open
      • 0x15c9f:$: ping 0
      • 0x13412:$: [endof]
      • 0x132cc:$: TiGeR-Firewall
      • 0x132fa:$: NetSnifferCs
      • 0x132b8:$: IPBlocker
      • 0x13314:$: Sandboxie Control
      C:\Program Files (x86)\Explower.exe | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
      • 0x15a37:$reg: SEE_MASK_NOZONECHECKS
      • 0x156bd:$msg: Execute ERROR
      • 0x15711:$msg: Execute ERROR
      • 0x15c89:$ping: cmd.exe /c ping 0 -n 2 & del
      Source | Rule | Description | Author | Strings
      00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
        00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
        • 0x115f2:$a1: get_Registry
        • 0x15a57:$a2: SEE_MASK_NOZONECHECKS
        • 0x156f9:$a3: Download ERROR
        • 0x15ca9:$a4: cmd.exe /c ping 0 -n 2 & del "
        • 0x13c36:$a5: netsh firewall delete allowedprogram "
        00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
        • 0x15a57:$reg: SEE_MASK_NOZONECHECKS
        • 0x156dd:$msg: Execute ERROR
        • 0x15731:$msg: Execute ERROR
        • 0x15ca9:$ping: cmd.exe /c ping 0 -n 2 & del
        00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
          00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
          • 0x113d2:$a1: get_Registry
          • 0x15837:$a2: SEE_MASK_NOZONECHECKS
          • 0x154d9:$a3: Download ERROR
          • 0x15a89:$a4: cmd.exe /c ping 0 -n 2 & del "
          • 0x13a16:$a5: netsh firewall delete allowedprogram "
          Source | Rule | Description | Author | Strings
          0.0.a1K847qsM0.exe.d20000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
            0.0.a1K847qsM0.exe.d20000.0.unpack | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
            • 0x115d2:$a1: get_Registry
            • 0x15a37:$a2: SEE_MASK_NOZONECHECKS
            • 0x156d9:$a3: Download ERROR
            • 0x15c89:$a4: cmd.exe /c ping 0 -n 2 & del "
            • 0x13c16:$a5: netsh firewall delete allowedprogram "
            0.0.a1K847qsM0.exe.d20000.0.unpack | CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth
            • 0x15c89:$x1: cmd.exe /c ping 0 -n 2 & del "
            • 0x137a2:$s1: winmgmts:\\.\root\SecurityCenter2
            • 0x156f7:$s3: Executed As
            • 0x124f0:$s5: Stub.exe
            • 0x156d9:$s6: Download ERROR
            • 0x13764:$s8: Select * From AntiVirusProduct
            0.0.a1K847qsM0.exe.d20000.0.unpack | crimeware_njrat_strings | Detects njRAT based on some strings | Sekoia.io
            • 0x1547b:$: set cdaudio door closed
            • 0x1543f:$: set cdaudio door open
            • 0x15c9f:$: ping 0
            • 0x13412:$: [endof]
            • 0x132cc:$: TiGeR-Firewall
            • 0x132fa:$: NetSnifferCs
            • 0x132b8:$: IPBlocker
            • 0x13314:$: Sandboxie Control
            0.0.a1K847qsM0.exe.d20000.0.unpack | Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group
            • 0x15a37:$reg: SEE_MASK_NOZONECHECKS
            • 0x156bd:$msg: Execute ERROR
            • 0x15711:$msg: Execute ERROR
            • 0x15c89:$ping: cmd.exe /c ping 0 -n 2 & del

            System Summary

            Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\server.exe, ProcessId: 384, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-12-24T03:42:31.917473+010020211761Malware Command and Control Activity Detected192.168.2.549704167.71.56.11622342TCP
            2024-12-24T03:42:34.840507+010020211761Malware Command and Control Activity Detected192.168.2.549705167.71.56.11622342TCP
            2024-12-24T03:42:38.042047+010020211761Malware Command and Control Activity Detected192.168.2.549707167.71.56.11622342TCP
            2024-12-24T03:42:41.244863+010020211761Malware Command and Control Activity Detected192.168.2.549714167.71.56.11622342TCP
            2024-12-24T03:42:44.450837+010020211761Malware Command and Control Activity Detected192.168.2.549722167.71.56.11622342TCP
            2024-12-24T03:42:47.651430+010020211761Malware Command and Control Activity Detected192.168.2.549729167.71.56.11622342TCP
            2024-12-24T03:42:50.838855+010020211761Malware Command and Control Activity Detected192.168.2.549739167.71.56.11622342TCP
            2024-12-24T03:42:54.026484+010020211761Malware Command and Control Activity Detected192.168.2.549746167.71.56.11622342TCP
            2024-12-24T03:42:57.213455+010020211761Malware Command and Control Activity Detected192.168.2.549752167.71.56.11622342TCP
            2024-12-24T03:43:00.404749+010020211761Malware Command and Control Activity Detected192.168.2.549763167.71.56.11622342TCP
            2024-12-24T03:43:03.604465+010020211761Malware Command and Control Activity Detected192.168.2.549769167.71.56.11622342TCP
            2024-12-24T03:43:06.791787+010020211761Malware Command and Control Activity Detected192.168.2.549780167.71.56.11622342TCP
            2024-12-24T03:43:09.995359+010020211761Malware Command and Control Activity Detected192.168.2.549786167.71.56.11622342TCP
            2024-12-24T03:43:13.182429+010020211761Malware Command and Control Activity Detected192.168.2.549797167.71.56.11622342TCP
            2024-12-24T03:43:16.416324+010020211761Malware Command and Control Activity Detected192.168.2.549803167.71.56.11622342TCP
            2024-12-24T03:43:19.765068+010020211761Malware Command and Control Activity Detected192.168.2.549809167.71.56.11622342TCP
            2024-12-24T03:43:22.960273+010020211761Malware Command and Control Activity Detected192.168.2.549821167.71.56.11622342TCP
            2024-12-24T03:43:26.026530+010020211761Malware Command and Control Activity Detected192.168.2.549827167.71.56.11622342TCP
            2024-12-24T03:43:28.964168+010020211761Malware Command and Control Activity Detected192.168.2.549838167.71.56.11622342TCP
            2024-12-24T03:43:31.792461+010020211761Malware Command and Control Activity Detected192.168.2.549844167.71.56.11622342TCP
            2024-12-24T03:43:34.495186+010020211761Malware Command and Control Activity Detected192.168.2.549850167.71.56.11622342TCP
            2024-12-24T03:43:37.140390+010020211761Malware Command and Control Activity Detected192.168.2.549855167.71.56.11622342TCP
            2024-12-24T03:43:39.651284+010020211761Malware Command and Control Activity Detected192.168.2.549864167.71.56.11622342TCP
            2024-12-24T03:43:42.091237+010020211761Malware Command and Control Activity Detected192.168.2.549872167.71.56.11622342TCP
            2024-12-24T03:43:44.432817+010020211761Malware Command and Control Activity Detected192.168.2.549878167.71.56.11622342TCP
            2024-12-24T03:43:46.714076+010020211761Malware Command and Control Activity Detected192.168.2.549884167.71.56.11622342TCP
            2024-12-24T03:43:48.940559+010020211761Malware Command and Control Activity Detected192.168.2.549890167.71.56.11622342TCP
            2024-12-24T03:43:51.028647+010020211761Malware Command and Control Activity Detected192.168.2.549896167.71.56.11622342TCP
            2024-12-24T03:43:53.088885+010020211761Malware Command and Control Activity Detected192.168.2.549902167.71.56.11622342TCP
            2024-12-24T03:43:55.091466+010020211761Malware Command and Control Activity Detected192.168.2.549908167.71.56.11622342TCP
            2024-12-24T03:43:57.059790+010020211761Malware Command and Control Activity Detected192.168.2.549911167.71.56.11622342TCP
            2024-12-24T03:43:58.997569+010020211761Malware Command and Control Activity Detected192.168.2.549915167.71.56.11622342TCP
            2024-12-24T03:44:00.883734+010020211761Malware Command and Control Activity Detected192.168.2.549921167.71.56.11622342TCP
            2024-12-24T03:44:02.699785+010020211761Malware Command and Control Activity Detected192.168.2.549927167.71.56.11622342TCP
            2024-12-24T03:44:04.487222+010020211761Malware Command and Control Activity Detected192.168.2.549932167.71.56.11622342TCP
            2024-12-24T03:44:06.250790+010020211761Malware Command and Control Activity Detected192.168.2.549935167.71.56.11622342TCP
            2024-12-24T03:44:07.924340+010020211761Malware Command and Control Activity Detected192.168.2.549940167.71.56.11622342TCP
            2024-12-24T03:44:09.619729+010020211761Malware Command and Control Activity Detected192.168.2.549945167.71.56.11622342TCP
            2024-12-24T03:44:11.468913+010020211761Malware Command and Control Activity Detected192.168.2.549948167.71.56.11622342TCP
            2024-12-24T03:44:13.088468+010020211761Malware Command and Control Activity Detected192.168.2.549954167.71.56.11622342TCP
            2024-12-24T03:44:14.670029+010020211761Malware Command and Control Activity Detected192.168.2.549959167.71.56.11622342TCP
            2024-12-24T03:44:16.458588+010020211761Malware Command and Control Activity Detected192.168.2.549961167.71.56.11622342TCP
            2024-12-24T03:44:17.978837+010020211761Malware Command and Control Activity Detected192.168.2.549967167.71.56.11622342TCP
            2024-12-24T03:44:19.527186+010020211761Malware Command and Control Activity Detected192.168.2.549973167.71.56.11622342TCP
            2024-12-24T03:44:21.012032+010020211761Malware Command and Control Activity Detected192.168.2.549974167.71.56.11622342TCP
            2024-12-24T03:44:22.479197+010020211761Malware Command and Control Activity Detected192.168.2.549980167.71.56.11622342TCP
            2024-12-24T03:44:23.916274+010020211761Malware Command and Control Activity Detected192.168.2.549986167.71.56.11622342TCP
            2024-12-24T03:44:25.354344+010020211761Malware Command and Control Activity Detected192.168.2.549987167.71.56.11622342TCP
            2024-12-24T03:44:26.775852+010020211761Malware Command and Control Activity Detected192.168.2.549993167.71.56.11622342TCP
            2024-12-24T03:44:28.169642+010020211761Malware Command and Control Activity Detected192.168.2.549999167.71.56.11622342TCP
            2024-12-24T03:44:29.558902+010020211761Malware Command and Control Activity Detected192.168.2.550000167.71.56.11622342TCP
            2024-12-24T03:44:30.947858+010020211761Malware Command and Control Activity Detected192.168.2.550006167.71.56.11622342TCP
            2024-12-24T03:44:32.322518+010020211761Malware Command and Control Activity Detected192.168.2.550008167.71.56.11622342TCP
            2024-12-24T03:44:33.666668+010020211761Malware Command and Control Activity Detected192.168.2.550013167.71.56.11622342TCP
            2024-12-24T03:44:35.014287+010020211761Malware Command and Control Activity Detected192.168.2.550018167.71.56.11622342TCP
            2024-12-24T03:44:36.339745+010020211761Malware Command and Control Activity Detected192.168.2.550020167.71.56.11622342TCP
            2024-12-24T03:44:37.666445+010020211761Malware Command and Control Activity Detected192.168.2.550025167.71.56.11622342TCP
            2024-12-24T03:44:38.989552+010020211761Malware Command and Control Activity Detected192.168.2.550029167.71.56.11622342TCP
            2024-12-24T03:44:40.293839+010020211761Malware Command and Control Activity Detected192.168.2.550033167.71.56.11622342TCP
            2024-12-24T03:44:41.588169+010020211761Malware Command and Control Activity Detected192.168.2.550035167.71.56.11622342TCP
            2024-12-24T03:44:42.869517+010020211761Malware Command and Control Activity Detected192.168.2.550036167.71.56.11622342TCP
            2024-12-24T03:44:44.228764+010020211761Malware Command and Control Activity Detected192.168.2.550037167.71.56.11622342TCP
            2024-12-24T03:44:45.519523+010020211761Malware Command and Control Activity Detected192.168.2.550038167.71.56.11622342TCP
            2024-12-24T03:44:46.791499+010020211761Malware Command and Control Activity Detected192.168.2.550039167.71.56.11622342TCP
            2024-12-24T03:44:48.060465+010020211761Malware Command and Control Activity Detected192.168.2.550040167.71.56.11622342TCP
            2024-12-24T03:44:49.344442+010020211761Malware Command and Control Activity Detected192.168.2.550041167.71.56.11622342TCP
            2024-12-24T03:44:50.604430+010020211761Malware Command and Control Activity Detected192.168.2.550042167.71.56.11622342TCP
            2024-12-24T03:44:51.853881+010020211761Malware Command and Control Activity Detected192.168.2.550043167.71.56.11622342TCP
            2024-12-24T03:44:53.104831+010020211761Malware Command and Control Activity Detected192.168.2.550044167.71.56.11622342TCP
            2024-12-24T03:44:54.353767+010020211761Malware Command and Control Activity Detected192.168.2.550045167.71.56.11622342TCP
            2024-12-24T03:44:55.605732+010020211761Malware Command and Control Activity Detected192.168.2.550046167.71.56.11622342TCP
            2024-12-24T03:44:56.875912+010020211761Malware Command and Control Activity Detected192.168.2.550047167.71.56.11622342TCP
            2024-12-24T03:44:58.104743+010020211761Malware Command and Control Activity Detected192.168.2.550048167.71.56.11622342TCP
            2024-12-24T03:44:59.338648+010020211761Malware Command and Control Activity Detected192.168.2.550049167.71.56.11622342TCP
            2024-12-24T03:45:00.577961+010020211761Malware Command and Control Activity Detected192.168.2.550050167.71.56.11622342TCP
            2024-12-24T03:45:01.811232+010020211761Malware Command and Control Activity Detected192.168.2.550051167.71.56.11622342TCP
            2024-12-24T03:45:03.041537+010020211761Malware Command and Control Activity Detected192.168.2.550052167.71.56.11622342TCP
            2024-12-24T03:45:04.278874+010020211761Malware Command and Control Activity Detected192.168.2.550053167.71.56.11622342TCP
            2024-12-24T03:45:05.512107+010020211761Malware Command and Control Activity Detected192.168.2.550054167.71.56.11622342TCP
            2024-12-24T03:45:06.733096+010020211761Malware Command and Control Activity Detected192.168.2.550055167.71.56.11622342TCP
            2024-12-24T03:45:07.963717+010020211761Malware Command and Control Activity Detected192.168.2.550056167.71.56.11622342TCP
            2024-12-24T03:45:09.262684+010020211761Malware Command and Control Activity Detected192.168.2.550057167.71.56.11622342TCP
            2024-12-24T03:45:10.482980+010020211761Malware Command and Control Activity Detected192.168.2.550058167.71.56.11622342TCP
            2024-12-24T03:45:11.706340+010020211761Malware Command and Control Activity Detected192.168.2.550059167.71.56.11622342TCP
            2024-12-24T03:45:12.916823+010020211761Malware Command and Control Activity Detected192.168.2.550060167.71.56.11622342TCP
            2024-12-24T03:45:14.160163+010020211761Malware Command and Control Activity Detected192.168.2.550061167.71.56.11622342TCP
            2024-12-24T03:45:15.498213+010020211761Malware Command and Control Activity Detected192.168.2.550062167.71.56.11622342TCP
            2024-12-24T03:45:16.715585+010020211761Malware Command and Control Activity Detected192.168.2.550063167.71.56.11622342TCP
            2024-12-24T03:45:17.916878+010020211761Malware Command and Control Activity Detected192.168.2.550064167.71.56.11622342TCP
            2024-12-24T03:45:19.124611+010020211761Malware Command and Control Activity Detected192.168.2.550065167.71.56.11622342TCP
            2024-12-24T03:45:20.327950+010020211761Malware Command and Control Activity Detected192.168.2.550066167.71.56.11622342TCP
            2024-12-24T03:45:21.525678+010020211761Malware Command and Control Activity Detected192.168.2.550067167.71.56.11622342TCP
            2024-12-24T03:45:22.769407+010020211761Malware Command and Control Activity Detected192.168.2.550068167.71.56.11622342TCP
            2024-12-24T03:45:23.979395+010020211761Malware Command and Control Activity Detected192.168.2.550069167.71.56.11622342TCP
            2024-12-24T03:45:25.260034+010020211761Malware Command and Control Activity Detected192.168.2.550070167.71.56.11622342TCP
            2024-12-24T03:45:26.467431+010020211761Malware Command and Control Activity Detected192.168.2.550071167.71.56.11622342TCP
            2024-12-24T03:45:27.666433+010020211761Malware Command and Control Activity Detected192.168.2.550072167.71.56.11622342TCP
            2024-12-24T03:45:28.870498+010020211761Malware Command and Control Activity Detected192.168.2.550073167.71.56.11622342TCP
            2024-12-24T03:45:30.073173+010020211761Malware Command and Control Activity Detected192.168.2.550074167.71.56.11622342TCP
            2024-12-24T03:45:31.275705+010020211761Malware Command and Control Activity Detected192.168.2.550075167.71.56.11622342TCP
            2024-12-24T03:45:32.479054+010020211761Malware Command and Control Activity Detected192.168.2.550076167.71.56.11622342TCP
            2024-12-24T03:45:33.681805+010020211761Malware Command and Control Activity Detected192.168.2.550077167.71.56.11622342TCP
            2024-12-24T03:45:34.885340+010020211761Malware Command and Control Activity Detected192.168.2.550078167.71.56.11622342TCP
            2024-12-24T03:45:36.088415+010020211761Malware Command and Control Activity Detected192.168.2.550079167.71.56.11622342TCP
            2024-12-24T03:45:37.314723+010020211761Malware Command and Control Activity Detected192.168.2.550080167.71.56.11622342TCP
            2024-12-24T03:45:38.559296+010020211761Malware Command and Control Activity Detected192.168.2.550081167.71.56.11622342TCP
            2024-12-24T03:45:39.762035+010020211761Malware Command and Control Activity Detected192.168.2.550082167.71.56.11622342TCP
            2024-12-24T03:45:40.965123+010020211761Malware Command and Control Activity Detected192.168.2.550083167.71.56.11622342TCP
            2024-12-24T03:45:42.167155+010020211761Malware Command and Control Activity Detected192.168.2.550084167.71.56.11622342TCP
            2024-12-24T03:45:43.369376+010020211761Malware Command and Control Activity Detected192.168.2.550085167.71.56.11622342TCP
            2024-12-24T03:45:44.556778+010020211761Malware Command and Control Activity Detected192.168.2.550086167.71.56.11622342TCP
            2024-12-24T03:45:45.775907+010020211761Malware Command and Control Activity Detected192.168.2.550087167.71.56.11622342TCP
            2024-12-24T03:45:46.978825+010020211761Malware Command and Control Activity Detected192.168.2.550088167.71.56.11622342TCP
            2024-12-24T03:45:48.183546+010020211761Malware Command and Control Activity Detected192.168.2.550089167.71.56.11622342TCP
            2024-12-24T03:45:49.462884+010020211761Malware Command and Control Activity Detected192.168.2.550090167.71.56.11622342TCP
            2024-12-24T03:45:50.670000+010020211761Malware Command and Control Activity Detected192.168.2.550091167.71.56.11622342TCP
            2024-12-24T03:45:51.878338+010020211761Malware Command and Control Activity Detected192.168.2.550092167.71.56.11622342TCP
            2024-12-24T03:45:53.072427+010020211761Malware Command and Control Activity Detected192.168.2.550093167.71.56.11622342TCP
            2024-12-24T03:45:54.285286+010020211761Malware Command and Control Activity Detected192.168.2.550094167.71.56.11622342TCP
            2024-12-24T03:45:55.478700+010020211761Malware Command and Control Activity Detected192.168.2.550095167.71.56.11622342TCP
            2024-12-24T03:45:56.666629+010020211761Malware Command and Control Activity Detected192.168.2.550096167.71.56.11622342TCP
            2024-12-24T03:45:57.853580+010020211761Malware Command and Control Activity Detected192.168.2.550097167.71.56.11622342TCP
            2024-12-24T03:45:59.041215+010020211761Malware Command and Control Activity Detected192.168.2.550098167.71.56.11622342TCP
            2024-12-24T03:46:00.251802+010020211761Malware Command and Control Activity Detected192.168.2.550099167.71.56.11622342TCP
            2024-12-24T03:46:01.433418+010020211761Malware Command and Control Activity Detected192.168.2.550100167.71.56.11622342TCP
            2024-12-24T03:46:02.638499+010020211761Malware Command and Control Activity Detected192.168.2.550101167.71.56.11622342TCP
            2024-12-24T03:46:03.838310+010020211761Malware Command and Control Activity Detected192.168.2.550102167.71.56.11622342TCP
            2024-12-24T03:46:05.041530+010020211761Malware Command and Control Activity Detected192.168.2.550103167.71.56.11622342TCP
            2024-12-24T03:46:06.244540+010020211761Malware Command and Control Activity Detected192.168.2.550104167.71.56.11622342TCP
            2024-12-24T03:46:07.447305+010020211761Malware Command and Control Activity Detected192.168.2.550105167.71.56.11622342TCP
            2024-12-24T03:46:08.650805+010020211761Malware Command and Control Activity Detected192.168.2.550106167.71.56.11622342TCP
            2024-12-24T03:46:09.886639+010020211761Malware Command and Control Activity Detected192.168.2.550107167.71.56.11622342TCP
            2024-12-24T03:46:11.088603+010020211761Malware Command and Control Activity Detected192.168.2.550108167.71.56.11622342TCP
            2024-12-24T03:46:12.291593+010020211761Malware Command and Control Activity Detected192.168.2.550109167.71.56.11622342TCP
            2024-12-24T03:46:13.513078+010020211761Malware Command and Control Activity Detected192.168.2.550110167.71.56.11622342TCP
            2024-12-24T03:46:14.691428+010020211761Malware Command and Control Activity Detected192.168.2.550111167.71.56.11622342TCP
            2024-12-24T03:46:15.879354+010020211761Malware Command and Control Activity Detected192.168.2.550112167.71.56.11622342TCP
            2024-12-24T03:46:17.070069+010020211761Malware Command and Control Activity Detected192.168.2.550113167.71.56.11622342TCP
            2024-12-24T03:46:18.266432+010020211761Malware Command and Control Activity Detected192.168.2.550114167.71.56.11622342TCP
            2024-12-24T03:46:19.447944+010020211761Malware Command and Control Activity Detected192.168.2.550115167.71.56.11622342TCP
            2024-12-24T03:46:20.637359+010020211761Malware Command and Control Activity Detected192.168.2.550116167.71.56.11622342TCP
            2024-12-24T03:46:21.827327+010020211761Malware Command and Control Activity Detected192.168.2.550117167.71.56.11622342TCP
            2024-12-24T03:46:23.012600+010020211761Malware Command and Control Activity Detected192.168.2.550118167.71.56.11622342TCP
            2024-12-24T03:46:24.207497+010020211761Malware Command and Control Activity Detected192.168.2.550119167.71.56.11622342TCP
            2024-12-24T03:46:25.402623+010020211761Malware Command and Control Activity Detected192.168.2.550120167.71.56.11622342TCP
            2024-12-24T03:46:26.619599+010020211761Malware Command and Control Activity Detected192.168.2.550121167.71.56.11622342TCP
            2024-12-24T03:46:27.807153+010020211761Malware Command and Control Activity Detected192.168.2.550122167.71.56.11622342TCP
            2024-12-24T03:46:28.994042+010020211761Malware Command and Control Activity Detected192.168.2.550123167.71.56.11622342TCP


            AV Detection

            Source: a1K847qsM0.exe, Avira: detected
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Avira: detection malicious, Label: TR/Dropper.Gen
            Source: C:\Notepad.exe, Avira: detection malicious, Label: TR/Dropper.Gen
            Source: C:\Program Files (x86)\Explower.exe, Avira: detection malicious, Label: TR/Dropper.Gen
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Avira: detection malicious, Label: TR/Dropper.Gen
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Avira: detection malicious, Label: TR/Dropper.Gen
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, Malware Configuration Extractor: Njrat {"Campaign ID": "Owned", "Version": "0.7d", "Install Name": "24983f03fb74576bbc5af6aa1085b23d", "Install Dir": "system", "Registry Value": "Software\\Microsoft\\Windows\\CurrentVersion\\Run", "Network Seprator": "|'|'|"}
            Source: C:\Notepad.exe, ReversingLabs: Detection: 86%
            Source: C:\Notepad.exe, Virustotal: Detection: 78%
            Source: C:\Program Files (x86)\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Program Files (x86)\Explower.exe, Virustotal: Detection: 78%
            Source: C:\Users\user\AppData\Local\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Local\Explower.exe, Virustotal: Detection: 78%
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe, Virustotal: Detection: 78%
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Local\Temp\server.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\Desktop\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\Documents\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Users\user\Favorites\Explower.exe, ReversingLabs: Detection: 86%
            Source: C:\Windows\SysWOW64\Explower.exe, ReversingLabs: Detection: 86%
            Source: a1K847qsM0.exe, ReversingLabs: Detection: 86%
            Source: a1K847qsM0.exe, Virustotal: Detection: 78%
            Source: Yara match, File source: a1K847qsM0.exe, type: SAMPLE
            Source: Yara match, File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
            Source: Yara match, File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
            Source: Yara match, File source: C:\Notepad.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Joe Sandbox ML: detected
            Source: C:\Notepad.exe, Joe Sandbox ML: detected
            Source: C:\Program Files (x86)\Explower.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Joe Sandbox ML: detected
            Source: a1K847qsM0.exe, Joe Sandbox ML: detected
            Source: a1K847qsM0.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
            Source: a1K847qsM0.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Spreading

            barindex
            Source: a1K847qsM0.exe, Usb1.cs.Net Code: infect
            Source: server.exe.0.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe.2.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe0.2.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe1.2.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe2.2.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe3.2.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe4.2.dr, Usb1.cs.Net Code: infect
            Source: Notepad.exe.2.dr, Usb1.cs.Net Code: infect
            Source: Explower.exe5.2.dr, Usb1.cs.Net Code: infect
            Source: Microsoft Corporation.exe.2.dr, Usb1.cs.Net Code: infect
            Source: a1K847qsM0.exe, 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: \autorun.inf
            Source: a1K847qsM0.exe, 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: [autorun]
            Source: a1K847qsM0.exe, 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: autorun.inf
            Source: a1K847qsM0.exe, 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: \autorun.inf
            Source: a1K847qsM0.exe, 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: [autorun]
            Source: a1K847qsM0.exe, 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: autorun.inf
            Source: a1K847qsM0.exe, Binary or memory string: \autorun.inf
            Source: a1K847qsM0.exe, Binary or memory string: [autorun]
            Source: a1K847qsM0.exe, Binary or memory string: autorun.inf
            Source: 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr, Binary or memory string: \autorun.inf
            Source: 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr, Binary or memory string: [autorun]
            Source: 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr, Binary or memory string: autorun.inf
            Source: Notepad.exe.2.dr, Binary or memory string: \autorun.inf
            Source: Notepad.exe.2.dr, Binary or memory string: [autorun]
            Source: Notepad.exe.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe7.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe7.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe7.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe2.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe2.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe2.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe5.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe5.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe5.2.dr, Binary or memory string: autorun.inf
            Source: Microsoft Corporation.exe.2.dr, Binary or memory string: \autorun.inf
            Source: Microsoft Corporation.exe.2.dr, Binary or memory string: [autorun]
            Source: Microsoft Corporation.exe.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe4.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe4.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe4.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe0.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe0.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe0.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe8.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe8.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe8.2.dr, Binary or memory string: autorun.inf
            Source: server.exe.0.dr, Binary or memory string: \autorun.inf
            Source: server.exe.0.dr, Binary or memory string: [autorun]
            Source: server.exe.0.dr, Binary or memory string: autorun.inf
            Source: Explower.exe1.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe1.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe1.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe3.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe3.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe3.2.dr, Binary or memory string: autorun.inf
            Source: Explower.exe6.2.dr, Binary or memory string: \autorun.inf
            Source: Explower.exe6.2.dr, Binary or memory string: [autorun]
            Source: Explower.exe6.2.dr, Binary or memory string: autorun.inf
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, File opened: C:\Users\user\AppData\
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, File opened: C:\Users\user\
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

            Networking

            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49705 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49705 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49707 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49714 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49714 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49704 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49704 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49707 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49722 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49722 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49729 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49729 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49739 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49739 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49746 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49746 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49746 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49752 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49752 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49763 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49763 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49769 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49769 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49780 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49780 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49786 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49786 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49797 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49797 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49809 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49809 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49803 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49803 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49821 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49821 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49838 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49838 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49809 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49827 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49827 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49844 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49844 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49850 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49850 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49855 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49855 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49864 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49864 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49872 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49872 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49884 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49884 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49890 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49890 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49896 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49896 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49902 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49902 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49878 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49878 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49908 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49908 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49911 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49911 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49915 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49915 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49921 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49921 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49927 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49927 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49932 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49932 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49935 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49935 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49940 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49940 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49945 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49945 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49948 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49948 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49959 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49959 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49967 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49967 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49961 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49973 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49961 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49973 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49954 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49954 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49974 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49974 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49980 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49980 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49993 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49987 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49993 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49987 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49986 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49993 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49986 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50000 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50000 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49999 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49999 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50008 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50008 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50018 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50020 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50020 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50018 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50025 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50025 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:50018 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50013 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50013 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50033 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50029 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50033 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50029 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50043 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50043 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50045 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50045 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50035 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50035 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50051 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50038 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50051 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50041 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50057 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50038 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50046 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50050 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50046 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50050 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50039 -> 167.71.56.116:22342
            Source: Network traffic, Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50039 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50006 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50058 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50052 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50057 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50041 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50058 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:50035 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50052 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50067 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50042 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50067 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50042 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50055 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50048 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:50038 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50055 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50061 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50048 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50061 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50056 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:50060 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:50051 -> 167.71.56.116:22342
            Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:50060 -> 167.71.56.116:22342
            Source: global traffic | TCP traffic: 192.168.2.5:49704 -> 167.71.56.116:22342
            Source: Joe Sandbox View | IP Address: 167.71.56.116
            Source: Joe Sandbox View | ASN Name: DIGITALOCEAN-ASNUS
            Source: unknown | TCP traffic detected without corresponding DNS query: 167.71.56.116
            Source: C:\Users\user\Desktop\a1K847qsM0.exe | Window created: window name: CLIPBRDWNDCLASS
            Source: C:\Users\user\AppData\Local\Temp\server.exe | Window created: window name: CLIPBRDWNDCLASS
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe | Window created: window name: CLIPBRDWNDCLASS
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe | Window created: window name: CLIPBRDWNDCLASS
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe | Window created: window name: CLIPBRDWNDCLASS

            E-Banking Fraud

            Source: Yara match | File source: a1K847qsM0.exe, type: SAMPLE
            Source: Yara match | File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
            Source: Yara match | File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
            Source: Yara match | File source: C:\Notepad.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED

            System Summary

            Source: a1K847qsM0.exe, type: SAMPLE | Matched rule: Windows_Trojan_Njrat_30f3c220 | Author: unknown
            Source: a1K847qsM0.exe, type: SAMPLE | Matched rule: Detects malware from disclosed CN malware set | Author: Florian Roth
            Source: a1K847qsM0.exe, type: SAMPLE | Matched rule: Detects njRAT based on some strings | Author: Sekoia.io
            Source: a1K847qsM0.exe, type: SAMPLE | Matched rule: detect njRAT in memory | Author: JPCERT/CC Incident Response Group
            Source: a1K847qsM0.exe, type: SAMPLE | Matched rule: Detects NjRAT / Bladabindi | Author: ditekSHen
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Njrat_30f3c220 | Author: unknown
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE | Matched rule: Detects malware from disclosed CN malware set | Author: Florian Roth
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE | Matched rule: Detects njRAT based on some strings | Author: Sekoia.io
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE | Matched rule: detect njRAT in memory | Author: JPCERT/CC Incident Response Group
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE | Matched rule: Detects NjRAT / Bladabindi | Author: ditekSHen
            Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 | Author: unknown
            Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect njRAT in memory | Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Njrat_30f3c220 | Author: unknown
            Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: detect njRAT in memory | Author: JPCERT/CC Incident Response Group
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPED | Matched rule: Windows_Trojan_Njrat_30f3c220 | Author: unknown
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPED | Matched rule: Detects malware from disclosed CN malware set | Author: Florian Roth
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPED | Matched rule: Detects njRAT based on some strings | Author: Sekoia.io
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPED | Matched rule: detect njRAT in memory | Author: JPCERT/CC Incident Response Group
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPED | Matched rule: Detects NjRAT / Bladabindi | Author: ditekSHen
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED, Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED, Matched rule: Detects njRAT based on some strings, Author: Sekoia.io
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED, Matched rule: detect njRAT in memory, Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: Detects njRAT based on some strings, Author: Sekoia.io
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: detect njRAT in memory, Author: JPCERT/CC Incident Response Group
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Detects njRAT based on some strings, Author: Sekoia.io
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: detect njRAT in memory, Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220, Author: unknown
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: Detects malware from disclosed CN malware set, Author: Florian Roth
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: Detects njRAT based on some strings, Author: Sekoia.io
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: detect njRAT in memory, Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: Detects NjRAT / Bladabindi, Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Process Stats: CPU usage > 49%
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_008FBDCA NtQuerySystemInformation
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_008FBD99 NtQuerySystemInformation
            Source: C:\Users\user\AppData\Local\Temp\server.exe, File created: C:\Windows\SysWOW64\Explower.exe
            Source: a1K847qsM0.exe, 00000000.00000002.2089394653.000000000145E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamemscorwks.dllT vs a1K847qsM0.exe
            Source: a1K847qsM0.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: a1K847qsM0.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: a1K847qsM0.exe, type: SAMPLEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: a1K847qsM0.exe, type: SAMPLEMatched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: a1K847qsM0.exe, type: SAMPLEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: a1K847qsM0.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPEMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPEMatched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPEMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPEDMatched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Program Files (x86)\Explower.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPEDMatched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPEDMatched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPEDMatched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Notepad.exe, type: DROPPED, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: CN_disclosed_20180208_c date = 2018-02-08, hash1 = 17475d25d40c877284e73890a9dd55fccedc6a5a071c351a8c342c8ef7f9cea7, author = Florian Roth, description = Detects malware from disclosed CN malware set, reference = https://twitter.com/cyberintproject/status/961714165550342146, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: crimeware_njrat_strings author = Sekoia.io, description = Detects njRAT based on some strings, creation_date = 2022-08-22, classification = TLP:CLEAR, version = 1.0, id = 215807ae-fbcb-478d-8941-e0787b883669
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: Njrat hash1 = d5f63213ce11798879520b0e9b0d1b68d55f7727758ec8c120e370699a41379d, author = JPCERT/CC Incident Response Group, description = detect njRAT in memory, rule_usage = memory scan
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED, Matched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
            Source: classification engine, Classification label: mal100.spre.phis.troj.adwa.evad.winEXE@16/22@0/1
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_008FBC4E AdjustTokenPrivileges,2_2_008FBC4E
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Code function: 2_2_008FBC17 AdjustTokenPrivileges,2_2_008FBC17
            Source: C:\Users\user\AppData\Local\Temp\server.exe, File created: C:\Program Files (x86)\Explower.exe
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, File created: C:\Users\user\AppData\Roaming\app
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Mutant created: NULL
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Mutant created: \Sessions\1\BaseNamedObjects\24983f03fb74576bbc5af6aa1085b23d
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7056:120:WilError_03
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1576:120:WilError_03
            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6396:120:WilError_03
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, File created: C:\Users\user\AppData\Local\Temp\FransescoPast.txt
            Source: a1K847qsM0.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: a1K847qsM0.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: a1K847qsM0.exe, ReversingLabs: Detection: 86%
            Source: a1K847qsM0.exe, Virustotal: Detection: 78%
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, File read: C:\Users\user\Desktop\a1K847qsM0.exe
            Source: unknown, Process created: C:\Users\user\Desktop\a1K847qsM0.exe "C:\Users\user\Desktop\a1K847qsM0.exe"
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, Process created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe"
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
            Source: C:\Windows\SysWOW64\netsh.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall delete allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe"
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
            Source: C:\Windows\SysWOW64\netsh.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\netsh.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: unknown, Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe"
            Source: unknown, Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe"
            Source: unknown, Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe"
            Source: unknown, Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe"
            Source: C:\Users\user\Desktop\a1K847qsM0.exe, Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, edputil.dll, shfolder.dll, propsys.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Users\user\AppData\Local\Temp\server.exe, Sections loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, windows.storage.dll, wldp.dll, profapi.dll, uxtheme.dll, edputil.dll, shfolder.dll, ntmarta.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, mswsock.dll, sspicli.dll, wbemcomn.dll, amsi.dll, userenv.dll
            Source: C:\Windows\SysWOW64\netsh.exe, Sections loaded: kernel.appcore.dll, ifmon.dll, iphlpapi.dll, mprapi.dll, rasmontr.dll, rasapi32.dll, fwpuclnt.dll, rasman.dll, mfc42u.dll, authfwcfg.dll, fwpolicyiomgr.dll, firewallapi.dll, dnsapi.dll, fwbase.dll, dhcpcmonitor.dll, dot3cfg.dll, dot3api.dll, onex.dll, eappcfg.dll, ncrypt.dll, eappprxy.dll, ntasn1.dll, fwcfg.dll, hnetmon.dll, netshell.dll, nlaapi.dll, netsetupapi.dll, netiohlp.dll, dhcpcsvc.dll, winnsi.dll, nshhttp.dll, httpapi.dll, nshipsec.dll, userenv.dll, activeds.dll, polstore.dll, winipsec.dll, adsldpc.dll, nshwfp.dll, cabinet.dll, p2pnetsh.dll, p2p.dll, profapi.dll, cryptbase.dll, rpcnsh.dll, whhelper.dll, winhttp.dll, wlancfg.dll, cryptsp.dll, wlanapi.dll, wshelper.dll, wevtapi.dll, mswsock.dll, peerdistsh.dll, uxtheme.dll, wcmapi.dll, rmclient.dll, mobilenetworking.dll, slc.dll, sppc.dll, gpapi.dll, ktmw32.dll, mprmsg.dll, windows.storage.dll, wldp.dll, msasn1.dll
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: mscoree.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: acgenral.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: winmm.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: samcli.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: msacm32.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: userenv.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: dwmapi.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: urlmon.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: mpr.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: sspicli.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: winmmbase.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: winmmbase.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: iertutil.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: srvcli.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: netutils.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: aclayers.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: sfc.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: sfc_os.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: mscoree.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: mscoree.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: apphelp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: windows.storage.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: wldp.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: profapi.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: uxtheme.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: edputil.dll
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Section loaded: shfolder.dll
            Source: C:\Users\user\AppData\Local\Temp\server.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32
            Source: C:\Users\user\Desktop\a1K847qsM0.exe File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
            Source: a1K847qsM0.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: C:\Users\user\Desktop\a1K847qsM0.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
            Source: a1K847qsM0.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: a1K847qsM0.exe, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: server.exe.0.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe0.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe1.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe2.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe3.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe4.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Notepad.exe.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Explower.exe5.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: Microsoft Corporation.exe.2.dr, Fransesco.cs .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F28F7 push eax; iretd 0_2_013F290E
            Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F26E7 push edi; iretd 0_2_013F2866
            Source: C:\Users\user\Desktop\a1K847qsM0.exe Code function: 0_2_013F27CB push edi; iretd 0_2_013F2866
            Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F27CB push edi; iretd 2_2_008F2866
            Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F2F5C push eax; iretd 2_2_008F2F5E
            Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F30AD push edi; iretd 2_2_008F30AE
            Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F2EAB push edi; iretd 2_2_008F2ECE
            Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F26E7 push edi; iretd 2_2_008F2866
            Source: C:\Users\user\AppData\Local\Temp\server.exe Code function: 2_2_008F2F23 push eax; iretd 2_2_008F2F2E
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012226E7 push edi; iretd 13_2_01222866
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012228F7 push eax; iretd 13_2_0122290E
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe Code function: 13_2_012227CB push edi; iretd 13_2_01222866
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013128F7 push eax; iretd 14_2_0131290E
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013126E7 push edi; iretd 14_2_01312866
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe Code function: 14_2_013127CB push edi; iretd 14_2_01312866
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A27CB push edi; iretd 15_2_015A2866
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A28F7 push eax; iretd 15_2_015A290E
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe Code function: 15_2_015A26E7 push edi; iretd 15_2_015A2866

            Persistence and Installation Behavior

            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\Documents\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\Desktop\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Notepad.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Windows\SysWOW64\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Program Files (x86)\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Local\Explower.exe
            Source: C:\Users\user\Desktop\a1K847qsM0.exe File created: C:\Users\user\AppData\Local\Temp\server.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\Favorites\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe

            Boot Survival

            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe
            Source: C:\Users\user\AppData\Local\Temp\server.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
            Source: C:\Users\user\Desktop\a1K847qsM0.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\AppData\Local\Temp\server.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\a1K847qsM0.exeMemory allocated: 16B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\a1K847qsM0.exeMemory allocated: 3450000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\a1K847qsM0.exeMemory allocated: 1A10000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: BB0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 26E0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 46E0000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 56A0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 66A0000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 6910000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 4D20000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeMemory allocated: 7910000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exeMemory allocated: 2C30000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exeMemory allocated: 3280000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exeMemory allocated: 5280000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeMemory allocated: 16E0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeMemory allocated: 32F0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeMemory allocated: 52F0000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exeMemory allocated: 1860000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exeMemory allocated: 34D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exeMemory allocated: 54D0000 memory commit | memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exeCode function: 15_2_05680006 sldt word ptr [eax]15_2_05680006
            Source: C:\Users\user\Desktop\a1K847qsM0.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeWindow / User API: threadDelayed 898Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeWindow / User API: threadDelayed 1140Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeWindow / User API: threadDelayed 3632Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeWindow / User API: foregroundWindowGot 672Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeWindow / User API: foregroundWindowGot 687Jump to behavior
            Source: C:\Users\user\Desktop\a1K847qsM0.exe TID: 6128Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 2316Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 4980Thread sleep time: -1140000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exe TID: 4980Thread sleep time: -3632000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe TID: 6204Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe TID: 5568Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe TID: 5364Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe TID: 4072Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeFile opened: C:\Users\user\AppData\Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeFile opened: C:\Users\user\Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jump to behavior
            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jump to behavior
            Source: server.exe, 00000002.00000002.4533296745.00000000006F7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW <add nam
            Source: server.exe, 00000002.00000002.4533296745.00000000006F7000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000003.00000003.2124388933.0000000003211000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000006.00000003.2153394359.00000000031F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: netsh.exe, 00000005.00000003.2134957244.0000000003131000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
            Source: C:\Users\user\AppData\Local\Temp\server.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\server.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\a1K847qsM0.exeMemory allocated: page read and write | page guardJump to behavior
            Source: C:\Users\user\Desktop\a1K847qsM0.exeProcess created: C:\Users\user\AppData\Local\Temp\server.exe "C:\Users\user\AppData\Local\Temp\server.exe" Jump to behavior
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 07:06:58 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:17:30 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 07:16:17 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 16:52:32 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:20:23 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 10:34:33 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 13:31:46 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 03:59:23 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 00:58:25 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 06:00:42 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/11 | 13:45:57 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 06:35:49 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 00:10:35 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 07:10:09 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/26 | 22:14:36 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 04:50:04 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 05:45:15 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:13:02 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 16:17:51 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 13:25:08 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 16:14:12 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 04:40:32 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 15:33:02 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/02 | 23:21:20 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 15:54:26 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 19:18:27 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 17:12:57 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 19:17:05 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 16:53:52 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 13:27:58 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/23 | 21:43:26 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 10:11:25 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 07:01:05 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 09:05:27 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 16:07:47 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 05:34:10 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 15:09:02 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 08:12:39 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 04:38:04 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 04:35:14 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 09:45:35 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/09 | 08:34:54 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 15:54:53 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 14:51:40 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 07:03:28 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 03:16:57 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 18:45:02 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:11:22 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 16:11:06 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:46:29 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:56:41 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 16:43:56 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 14:04:40 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 03:14:34 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 16:02:30 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 16:50:48 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/05 | 21:38:35 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 04:01:50 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 16:26:56 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 00:29:42 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 21:56:52 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 15:28:11 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 03:11:06 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 06:15:55 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 07:14:17 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 18:29:05 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:07:34 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:48:50 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 01:54:21 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 03:30:04 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 03:20:45 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 11:40:50 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 04:41:38 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 13:10:32 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 11:57:49 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 08:18:31 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 01:41:47 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:29:45 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 10:59:04 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 04:55:42 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 01:51:06 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 03:44:10 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 12:59:03 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 17:21:23 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 07:23:59 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 06:55:40 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 16:40:03 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 11:30:54 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 13:13:26 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/05 | 23:13:25 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:26:51 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 01:36:16 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 16:13:17 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 16:43:48 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 19:35:27 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 17:46:50 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 09:39:24 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 15:45:03 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 18:21:11 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:31:53 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 19:14:40 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 10:30:25 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 00:32:13 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 19:24:38 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/11 | 14:19:44 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 19:08:00 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 04:57:42 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 08:53:01 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 20:25:03 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 04:45:33 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/07 | 01:04:03 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 19:26:22 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 15:03:31 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 15:13:29 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 14:59:16 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 18:40:53 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:05:09 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 15:38:09 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 05:40:37 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/05 | 20:39:36 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 12:24:35 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 15:31:08 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 17:40:05 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 10:45:22 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 07:10:46 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 16:58:30 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 04:18:11 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 00:21:24 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:02:13 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 16:34:51 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 05:26:15 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/02 | 23:56:27 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:51:26 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 12:22:12 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 13:59:32 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 23:57:44 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 16:16:21 - Program Manager
            Source: a1K847qsM0.exe, 24983f03fb74576bbc5af6aa1085b23dWindows Update.exe.2.dr, Notepad.exe.2.dr, Explower.exe7.2.dr, Explower.exe2.2.dr, Explower.exe5.2.dr, Microsoft Corporation.exe.2.dr, Explower.exe4.2.dr, Explower.exe0.2.dr, Explower.exe8.2.dr, server.exe.0.dr
            Binary or memory string: Shell_traywnd+MostrarBarraDeTarefas
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 14:24:07 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 04:34:56 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 03:05:45 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 09:28:58 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 09:46:28 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 08:41:58 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 17:00:46 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/31 | 17:58:14 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/24 | 15:19:55 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 24/12/29 | 07:18:02 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 01:29:47 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 05:06:20 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 06:10:54 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 07:16:54 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:42:38 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/03 | 10:06:06 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 01:13:58 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 04:54:28 - Program Manager
            Source: server.exe, 00000002.00000002.4534461443.0000000004196000.00000004.00000800.00020000.00000000.sdmp, server.exe, 00000002.00000002.4534461443.0000000003796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 25/01/06 | 05:59:57 - Program Manager
            Source: C:\Windows\SysWOW64\netsh.exe - Queries volume information: C:\ VolumeInformation
            Source: C:\Users\user\AppData\Local\Temp\server.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: a1K847qsM0.exe, Fransesco.cs, .Net Code: INS
            Source: server.exe.0.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe.2.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe0.2.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe1.2.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe2.2.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe3.2.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe4.2.dr, Fransesco.cs, .Net Code: INS
            Source: Notepad.exe.2.dr, Fransesco.cs, .Net Code: INS
            Source: Explower.exe5.2.dr, Fransesco.cs, .Net Code: INS
            Source: Microsoft Corporation.exe.2.dr, Fransesco.cs, .Net Code: INS
            Source: C:\Users\user\AppData\Local\Temp\server.exe - Registry value created: HKEY_CURRENT_USER\Environment SEE_MASK_NOZONECHECKS
            Source: C:\Users\user\AppData\Local\Temp\server.exe - Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE

            Stealing of Sensitive Information

            Source: Yara match, File source: a1K847qsM0.exe, type: SAMPLE
            Source: Yara match, File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
            Source: Yara match, File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
            Source: Yara match, File source: C:\Notepad.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED

            Remote Access Functionality

            Source: Yara match, File source: a1K847qsM0.exe, type: SAMPLE
            Source: Yara match, File source: 0.0.a1K847qsM0.exe.d20000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: Process Memory Space: a1K847qsM0.exe PID: 1276, type: MEMORYSTR
            Source: Yara match, File source: Process Memory Space: server.exe PID: 384, type: MEMORYSTR
            Source: Yara match, File source: C:\Program Files (x86)\Explower.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, type: DROPPED
            Source: Yara match, File source: C:\Notepad.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\server.exe, type: DROPPED
            Source: Yara match, File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, type: DROPPED
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | 11 Replication Through Removable Media | Windows Management Instrumentation | 12 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 32 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 12 Process Injection | 41 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 12 Registry Run Keys / Startup Folder | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Process Injection | LSA Secrets | 1 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 12 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Behavior Graph ID: 1580216, Sample: a1K847qsM0.exe, Startdate: 24/12/2024, Architecture: WINDOWS, Score: 100
            Process chain shown in the graph: a1K847qsM0.exe -> server.exe -> netsh.exe (three instances, each with conhost.exe); server.exe -> 167.71.56.116, 22342, 49704, 49705 (DIGITALOCEAN-ASNUS, United States)

            Source | Detection | Scanner | Label
            a1K847qsM0.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            a1K847qsM0.exe | 79% | Virustotal |
            a1K847qsM0.exe | 100% | Avira | TR/Dropper.Gen
            a1K847qsM0.exe | 100% | Joe Sandbox ML |
            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe | 100% | Avira | TR/Dropper.Gen
            C:\Notepad.exe | 100% | Avira | TR/Dropper.Gen
            C:\Program Files (x86)\Explower.exe | 100% | Avira | TR/Dropper.Gen
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe | 100% | Avira | TR/Dropper.Gen
            C:\Users\user\AppData\Local\Temp\server.exe | 100% | Avira | TR/Dropper.Gen
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe | 100% | Joe Sandbox ML |
            C:\Notepad.exe | 100% | Joe Sandbox ML |
            C:\Program Files (x86)\Explower.exe | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\server.exe | 100% | Joe Sandbox ML |
            C:\Notepad.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Notepad.exe | 79% | Virustotal |
            C:\Program Files (x86)\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Program Files (x86)\Explower.exe | 79% | Virustotal |
            C:\Users\user\AppData\Local\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Local\Explower.exe | 79% | Virustotal |
            C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Local\Microsoft\Windows\History\Explower.exe | 79% | Virustotal |
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Local\Microsoft\Windows\INetCookies\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Local\Temp\server.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\Desktop\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\Documents\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Users\user\Favorites\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            C:\Windows\SysWOW64\Explower.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT
            No Antivirus matches
            No contacted domains info
            IP | Domain | Country | ASN | ASN Name | Malicious
            167.71.56.116 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true
            Joe Sandbox version:41.0.0 Charoite
            Analysis ID:1580216
            Start date and time:2024-12-24 03:41:29 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 8m 57s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:16
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:1
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:a1K847qsM0.exe
            renamed because original name is a hash value
            Original Sample Name:55e2016fcb659bdf0f46a24ef2876609.exe
            Detection:MAL
            Classification:mal100.spre.phis.troj.adwa.evad.winEXE@16/22@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 97%
            • Number of executed functions: 138
            • Number of non-executed functions: 10
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Override analysis time to 240000 for current running targets taking high CPU consumption
            • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.175.87.197
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size exceeded maximum capacity and may have missing disassembly code.
            • Report size getting too big, too many NtDeviceIoControlFile calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            Time | Type | Description
            03:42:33 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe
            03:42:41 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe
            03:42:50 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
            21:43:01 | API Interceptor | 890750x Sleep call for process: server.exe modified
            Match | Associated Sample Name / URL | Detection | Threat Name
            167.71.56.116 | njrat.exe | malicious | Njrat
            167.71.56.116 | lz3EbiqoK4.exe | malicious | Quasar
            167.71.56.116 | SecuriteInfo.com.Trojan.Inject5.1262.5931.28554.exe | malicious | XWorm
            167.71.56.116 | X.exe | malicious | XWorm
            167.71.56.116 | SecuriteInfo.com.Trojan.MulDrop23.34226.5725.23706.exe | malicious | XWorm
            167.71.56.116 | WinScanGuard_v.2.1.bat | malicious | Quasar
            167.71.56.116 | Shadow-Stealer.bat | malicious | Quasar
            167.71.56.116 | OvA6x5v34G.exe | malicious | AsyncRAT
                                No context
                                Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                DIGITALOCEAN-ASNUS | https://flowto.it/8tooc2sec?fc=0 | malicious | Unknown | 161.35.24.67
                                DIGITALOCEAN-ASNUS | https://qulatrics.com/ | malicious | Unknown | 206.189.225.178
                                DIGITALOCEAN-ASNUS | https://liladelman.com/rental/1218-west-side-road-block-island/ | malicious | Unknown | 159.89.55.215
                                DIGITALOCEAN-ASNUS | OZq1f2sZz3.exe | malicious | AsyncRAT | 104.236.39.42
                                DIGITALOCEAN-ASNUS | 1.elf | malicious | Unknown | 157.230.180.148
                                DIGITALOCEAN-ASNUS | 3.elf | malicious | Unknown | 157.245.169.47
                                DIGITALOCEAN-ASNUS | oAnb4ULQxP.exe | malicious | AsyncRAT | 104.236.39.42
                                DIGITALOCEAN-ASNUS | 2.elf | malicious | Unknown | 157.230.201.7
                                DIGITALOCEAN-ASNUS | arm7.nn.elf | malicious | Mirai, Okiru | 165.22.174.231
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Notepad.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Notepad.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Notepad.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Notepad.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Notepad.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Notepad.exe, Author: ditekSHen
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 87%
                                • Antivirus: Virustotal, Detection: 79%, Browse
                                Reputation:low
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Program Files (x86)\Explower.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Program Files (x86)\Explower.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Program Files (x86)\Explower.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Program Files (x86)\Explower.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Program Files (x86)\Explower.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Program Files (x86)\Explower.exe, Author: ditekSHen
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 87%
                                • Antivirus: Virustotal, Detection: 79%, Browse
                                Reputation:low
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 87%
                                • Antivirus: Virustotal, Detection: 79%, Browse
                                Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):525
                                Entropy (8bit):5.259753436570609
                                Encrypted:false
                                SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                MD5:260E01CC001F9C4643CA7A62F395D747
                                SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                Malicious:false
                                Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):525
                                Entropy (8bit):5.259753436570609
                                Encrypted:false
                                SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                MD5:260E01CC001F9C4643CA7A62F395D747
                                SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                Malicious:false
                                Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):525
                                Entropy (8bit):5.259753436570609
                                Encrypted:false
                                SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                MD5:260E01CC001F9C4643CA7A62F395D747
                                SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                Malicious:false
                                Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                Process:C:\Users\user\Desktop\a1K847qsM0.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):525
                                Entropy (8bit):5.259753436570609
                                Encrypted:false
                                SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                MD5:260E01CC001F9C4643CA7A62F395D747
                                SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                Malicious:true
                                Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 87%
                                • Antivirus: Virustotal, Detection: 79%, Browse
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 87%
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 87%
                                Process:C:\Users\user\Desktop\a1K847qsM0.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: ditekSHen
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 87%
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: ditekSHen
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 87%
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 87%
                                Process:C:\Users\user\AppData\Local\Temp\server.exe
                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Category:dropped
                                Size (bytes):95232
                                Entropy (8bit):5.562368913361869
                                Encrypted:false
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                MD5:55E2016FCB659BDF0F46A24EF2876609
                                SHA1:5AFB69F26DDF1884372643A2B00D16A481FC7C26
                                SHA-256:3825FE6FD9E8754B3D4A374B8C73884647C6898D5E1220A0FE89B1A3DC8E35C4
                                SHA-512:4DE0FB035B904BD2557D48AACFEA53346748E0DBDA86B710EE86796C374C37FD35E50F4D8B05CD1C058F95665894629F8848F4BCE45378C00CED771BAAEA3E46
                                Malicious:true
                                Yara Hits:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: ditekSHen
                                Antivirus:
                                • Antivirus: Avira, Detection: 100%
                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                • Antivirus: ReversingLabs, Detection: 87%
                                Process:C:\Users\user\Desktop\a1K847qsM0.exe
                                File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                Category:dropped
                                Size (bytes):5
                                Entropy (8bit):2.321928094887362
                                Encrypted:false
                                SSDEEP:3:l:l
                                MD5:C2844BC9E1BD64168A727B0680AE4D90
                                SHA1:7BB263540DE557F5A4E09C6C78B7DBB314A0DF9A
                                SHA-256:9C9701AB918368B615FC6A0DBEB5EFA286A232D751982AE70B48AD6914BF01E5
                                SHA-512:360953BB20D91539022FCB1BECF4638970C4452816797A8DCA65E3AE4A542302E6E89F0828087CAAA63A0750AA78605F8034DA7C8663FA4FC677C8F3E53655ED
                                Malicious:false
                                Preview:.23
                                Process:C:\Windows\SysWOW64\netsh.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):313
                                Entropy (8bit):4.971939296804078
                                Encrypted:false
                                SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                MD5:689E2126A85BF55121488295EE068FA1
                                SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                Malicious:false
                                Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....
                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                Entropy (8bit):5.562368913361869
                                TrID:
                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                • Windows Screen Saver (13104/52) 0.07%
                                • Generic Win/DOS Executable (2004/3) 0.01%
                                File name:a1K847qsM0.exe
                                File size:95'232 bytes
                                MD5:55e2016fcb659bdf0f46a24ef2876609
                                SHA1:5afb69f26ddf1884372643a2b00d16a481fc7c26
                                SHA256:3825fe6fd9e8754b3d4a374b8c73884647c6898d5e1220a0fe89b1a3dc8e35c4
                                SHA512:4de0fb035b904bd2557d48aacfea53346748e0dbda86b710ee86796c374c37fd35e50f4d8b05cd1c058f95665894629f8848f4bce45378c00ced771baaea3e46
                                SSDEEP:1536:jwWmC+xhUa9urgOB9RNvM4jEwzGi1dDID0gS:cWgUa9urgONdGi1dmt
                                TLSH:2793D74977E56524E4BF56F75472F2004E34B48B1602E39E49F258EA0B33AC44F89EEB
                                Icon Hash:00928e8e8686b000
                                Entrypoint:0x418f0e
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x6765A2A0 [Fri Dec 20 17:00:16 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:4
                                OS Version Minor:0
                                File Version Major:4
                                File Version Minor:0
                                Subsystem Version Major:4
                                Subsystem Version Minor:0
                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                Instruction
                                jmp dword ptr [00402000h]
                                add byte ptr [eax], al
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18eb8 | 0x53 | .text
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1a000 | 0xc | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x2000 | 0x16f14 | 0x17000 | b932bf9799458044e39c5671fa4bda31 | False | 0.3679305366847826 | data | 5.5941563909685215 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .reloc | 0x1a000 | 0xc | 0x200 | 26def8a0407cc7078ce41b7ef703298e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                DLL | Import
                                mscoree.dll | _CorExeMain
                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                2024-12-24T03:42:31.917473+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49704 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:31.917473+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49704 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:34.840507+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49705 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:34.840507+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49705 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:38.042047+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49707 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:38.042047+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49707 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:41.244863+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49714 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:41.244863+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49714 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:44.450837+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49722 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:44.450837+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49722 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:47.651430+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49729 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:47.651430+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49729 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:50.838855+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49739 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:50.838855+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49739 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:54.026484+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49746 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:54.026484+0100 | 2021176 | ET MALWARE Bladabindi/njRAT CnC Command (ll) | 1 | 192.168.2.5 | 49746 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:54.315776+0100 | 2825564 | ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) | 1 | 192.168.2.5 | 49746 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:57.213455+0100 | 2033132 | ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) | 1 | 192.168.2.5 | 49752 | 167.71.56.116 | 22342 | TCP
                                2024-12-24T03:42:57.213455+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549752167.71.56.11622342TCP
                                2024-12-24T03:43:00.404749+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549763167.71.56.11622342TCP
                                2024-12-24T03:43:00.404749+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549763167.71.56.11622342TCP
                                2024-12-24T03:43:03.604465+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549769167.71.56.11622342TCP
                                2024-12-24T03:43:03.604465+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549769167.71.56.11622342TCP
                                2024-12-24T03:43:06.791787+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549780167.71.56.11622342TCP
                                2024-12-24T03:43:06.791787+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549780167.71.56.11622342TCP
                                2024-12-24T03:43:09.995359+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549786167.71.56.11622342TCP
                                2024-12-24T03:43:09.995359+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549786167.71.56.11622342TCP
                                2024-12-24T03:43:13.182429+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549797167.71.56.11622342TCP
                                2024-12-24T03:43:13.182429+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549797167.71.56.11622342TCP
                                2024-12-24T03:43:16.416324+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549803167.71.56.11622342TCP
                                2024-12-24T03:43:16.416324+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549803167.71.56.11622342TCP
                                2024-12-24T03:43:19.765068+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549809167.71.56.11622342TCP
                                2024-12-24T03:43:19.765068+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549809167.71.56.11622342TCP
                                2024-12-24T03:43:20.004427+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549809167.71.56.11622342TCP
                                2024-12-24T03:43:22.960273+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549821167.71.56.11622342TCP
                                2024-12-24T03:43:22.960273+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549821167.71.56.11622342TCP
                                2024-12-24T03:43:26.026530+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549827167.71.56.11622342TCP
                                2024-12-24T03:43:26.026530+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549827167.71.56.11622342TCP
                                2024-12-24T03:43:28.964168+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549838167.71.56.11622342TCP
                                2024-12-24T03:43:28.964168+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549838167.71.56.11622342TCP
                                2024-12-24T03:43:31.792461+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549844167.71.56.11622342TCP
                                2024-12-24T03:43:31.792461+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549844167.71.56.11622342TCP
                                2024-12-24T03:43:34.495186+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549850167.71.56.11622342TCP
                                2024-12-24T03:43:34.495186+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549850167.71.56.11622342TCP
                                2024-12-24T03:43:37.140390+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549855167.71.56.11622342TCP
                                2024-12-24T03:43:37.140390+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549855167.71.56.11622342TCP
                                2024-12-24T03:43:39.651284+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549864167.71.56.11622342TCP
                                2024-12-24T03:43:39.651284+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549864167.71.56.11622342TCP
                                2024-12-24T03:43:42.091237+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549872167.71.56.11622342TCP
                                2024-12-24T03:43:42.091237+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549872167.71.56.11622342TCP
                                2024-12-24T03:43:44.432817+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549878167.71.56.11622342TCP
                                2024-12-24T03:43:44.432817+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549878167.71.56.11622342TCP
                                2024-12-24T03:43:46.714076+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549884167.71.56.11622342TCP
                                2024-12-24T03:43:46.714076+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549884167.71.56.11622342TCP
                                2024-12-24T03:43:48.940559+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549890167.71.56.11622342TCP
                                2024-12-24T03:43:48.940559+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549890167.71.56.11622342TCP
                                2024-12-24T03:43:51.028647+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549896167.71.56.11622342TCP
                                2024-12-24T03:43:51.028647+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549896167.71.56.11622342TCP
                                2024-12-24T03:43:53.088885+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549902167.71.56.11622342TCP
                                2024-12-24T03:43:53.088885+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549902167.71.56.11622342TCP
                                2024-12-24T03:43:55.091466+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549908167.71.56.11622342TCP
                                2024-12-24T03:43:55.091466+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549908167.71.56.11622342TCP
                                2024-12-24T03:43:57.059790+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549911167.71.56.11622342TCP
                                2024-12-24T03:43:57.059790+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549911167.71.56.11622342TCP
                                2024-12-24T03:43:58.997569+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549915167.71.56.11622342TCP
                                2024-12-24T03:43:58.997569+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549915167.71.56.11622342TCP
                                2024-12-24T03:44:00.883734+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549921167.71.56.11622342TCP
                                2024-12-24T03:44:00.883734+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549921167.71.56.11622342TCP
                                2024-12-24T03:44:02.699785+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549927167.71.56.11622342TCP
                                2024-12-24T03:44:02.699785+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549927167.71.56.11622342TCP
                                2024-12-24T03:44:04.487222+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549932167.71.56.11622342TCP
                                2024-12-24T03:44:04.487222+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549932167.71.56.11622342TCP
                                2024-12-24T03:44:06.250790+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549935167.71.56.11622342TCP
                                2024-12-24T03:44:06.250790+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549935167.71.56.11622342TCP
                                2024-12-24T03:44:07.924340+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549940167.71.56.11622342TCP
                                2024-12-24T03:44:07.924340+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549940167.71.56.11622342TCP
                                2024-12-24T03:44:09.619729+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549945167.71.56.11622342TCP
                                2024-12-24T03:44:09.619729+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549945167.71.56.11622342TCP
                                2024-12-24T03:44:11.468913+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549948167.71.56.11622342TCP
                                2024-12-24T03:44:11.468913+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549948167.71.56.11622342TCP
                                2024-12-24T03:44:13.088468+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549954167.71.56.11622342TCP
                                2024-12-24T03:44:13.088468+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549954167.71.56.11622342TCP
                                2024-12-24T03:44:14.670029+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549959167.71.56.11622342TCP
                                2024-12-24T03:44:14.670029+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549959167.71.56.11622342TCP
                                2024-12-24T03:44:16.458588+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549961167.71.56.11622342TCP
                                2024-12-24T03:44:16.458588+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549961167.71.56.11622342TCP
                                2024-12-24T03:44:17.978837+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549967167.71.56.11622342TCP
                                2024-12-24T03:44:17.978837+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549967167.71.56.11622342TCP
                                2024-12-24T03:44:19.527186+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549973167.71.56.11622342TCP
                                2024-12-24T03:44:19.527186+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549973167.71.56.11622342TCP
                                2024-12-24T03:44:21.012032+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549974167.71.56.11622342TCP
                                2024-12-24T03:44:21.012032+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549974167.71.56.11622342TCP
                                2024-12-24T03:44:22.479197+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549980167.71.56.11622342TCP
                                2024-12-24T03:44:22.479197+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549980167.71.56.11622342TCP
                                2024-12-24T03:44:23.916274+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549986167.71.56.11622342TCP
                                2024-12-24T03:44:23.916274+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549986167.71.56.11622342TCP
                                2024-12-24T03:44:25.354344+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549987167.71.56.11622342TCP
                                2024-12-24T03:44:25.354344+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549987167.71.56.11622342TCP
                                2024-12-24T03:44:26.775852+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549993167.71.56.11622342TCP
                                2024-12-24T03:44:26.775852+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549993167.71.56.11622342TCP
                                2024-12-24T03:44:27.437639+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549993167.71.56.11622342TCP
                                2024-12-24T03:44:28.169642+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549999167.71.56.11622342TCP
                                2024-12-24T03:44:28.169642+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549999167.71.56.11622342TCP
                                2024-12-24T03:44:29.558902+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550000167.71.56.11622342TCP
                                2024-12-24T03:44:29.558902+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550000167.71.56.11622342TCP
                                2024-12-24T03:44:30.947858+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550006167.71.56.11622342TCP
                                2024-12-24T03:44:30.947858+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550006167.71.56.11622342TCP
                                2024-12-24T03:44:32.322518+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550008167.71.56.11622342TCP
                                2024-12-24T03:44:32.322518+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550008167.71.56.11622342TCP
                                2024-12-24T03:44:33.666668+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550013167.71.56.11622342TCP
                                2024-12-24T03:44:33.666668+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550013167.71.56.11622342TCP
                                2024-12-24T03:44:35.014287+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550018167.71.56.11622342TCP
                                2024-12-24T03:44:35.014287+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550018167.71.56.11622342TCP
                                2024-12-24T03:44:35.345084+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550018167.71.56.11622342TCP
                                2024-12-24T03:44:36.339745+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550020167.71.56.11622342TCP
                                2024-12-24T03:44:36.339745+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550020167.71.56.11622342TCP
                                2024-12-24T03:44:37.666445+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550025167.71.56.11622342TCP
                                2024-12-24T03:44:37.666445+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550025167.71.56.11622342TCP
                                2024-12-24T03:44:38.989552+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550029167.71.56.11622342TCP
                                2024-12-24T03:44:38.989552+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550029167.71.56.11622342TCP
                                2024-12-24T03:44:40.293839+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550033167.71.56.11622342TCP
                                2024-12-24T03:44:40.293839+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550033167.71.56.11622342TCP
                                2024-12-24T03:44:41.588169+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550035167.71.56.11622342TCP
                                2024-12-24T03:44:41.588169+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550035167.71.56.11622342TCP
                                2024-12-24T03:44:41.827411+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550035167.71.56.11622342TCP
                                2024-12-24T03:44:42.869517+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550036167.71.56.11622342TCP
                                2024-12-24T03:44:42.869517+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550036167.71.56.11622342TCP
                                2024-12-24T03:44:44.228764+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550037167.71.56.11622342TCP
                                2024-12-24T03:44:44.228764+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550037167.71.56.11622342TCP
                                2024-12-24T03:44:45.519523+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550038167.71.56.11622342TCP
                                2024-12-24T03:44:45.519523+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550038167.71.56.11622342TCP
                                2024-12-24T03:44:46.548271+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550038167.71.56.11622342TCP
                                2024-12-24T03:44:46.791499+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550039167.71.56.11622342TCP
                                2024-12-24T03:44:46.791499+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550039167.71.56.11622342TCP
                                2024-12-24T03:44:48.060465+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550040167.71.56.11622342TCP
                                2024-12-24T03:44:48.060465+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550040167.71.56.11622342TCP
                                2024-12-24T03:44:49.344442+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550041167.71.56.11622342TCP
                                2024-12-24T03:44:49.344442+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550041167.71.56.11622342TCP
                                2024-12-24T03:44:50.604430+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550042167.71.56.11622342TCP
                                2024-12-24T03:44:50.604430+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550042167.71.56.11622342TCP
                                2024-12-24T03:44:51.853881+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550043167.71.56.11622342TCP
                                2024-12-24T03:44:51.853881+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550043167.71.56.11622342TCP
                                2024-12-24T03:44:53.104831+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550044167.71.56.11622342TCP
                                2024-12-24T03:44:53.104831+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550044167.71.56.11622342TCP
                                2024-12-24T03:44:53.468710+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550044167.71.56.11622342TCP
                                2024-12-24T03:44:54.353767+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550045167.71.56.11622342TCP
                                2024-12-24T03:44:54.353767+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550045167.71.56.11622342TCP
                                2024-12-24T03:44:55.605732+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550046167.71.56.11622342TCP
                                2024-12-24T03:44:55.605732+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550046167.71.56.11622342TCP
                                2024-12-24T03:44:56.875912+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550047167.71.56.11622342TCP
                                2024-12-24T03:44:56.875912+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550047167.71.56.11622342TCP
                                2024-12-24T03:44:57.342983+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550047167.71.56.11622342TCP
                                2024-12-24T03:44:58.104743+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550048167.71.56.11622342TCP
                                2024-12-24T03:44:58.104743+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550048167.71.56.11622342TCP
                                2024-12-24T03:44:58.673978+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550048167.71.56.11622342TCP
                                2024-12-24T03:44:59.338648+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550049167.71.56.11622342TCP
                                2024-12-24T03:44:59.338648+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550049167.71.56.11622342TCP
                                2024-12-24T03:44:59.718681+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550049167.71.56.11622342TCP
                                2024-12-24T03:45:00.577961+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550050167.71.56.11622342TCP
                                2024-12-24T03:45:00.577961+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550050167.71.56.11622342TCP
                                2024-12-24T03:45:01.811232+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550051167.71.56.11622342TCP
                                2024-12-24T03:45:01.811232+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550051167.71.56.11622342TCP
                                2024-12-24T03:45:02.573559+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550051167.71.56.11622342TCP
                                2024-12-24T03:45:03.041537+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550052167.71.56.11622342TCP
                                2024-12-24T03:45:03.041537+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550052167.71.56.11622342TCP
                                2024-12-24T03:45:03.282063+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550052167.71.56.11622342TCP
                                2024-12-24T03:45:04.278874+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550053167.71.56.11622342TCP
                                2024-12-24T03:45:04.278874+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550053167.71.56.11622342TCP
                                2024-12-24T03:45:05.512107+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550054167.71.56.11622342TCP
                                2024-12-24T03:45:05.512107+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550054167.71.56.11622342TCP
                                2024-12-24T03:45:06.733096+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550055167.71.56.11622342TCP
                                2024-12-24T03:45:06.733096+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550055167.71.56.11622342TCP
                                2024-12-24T03:45:07.963717+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550056167.71.56.11622342TCP
                                2024-12-24T03:45:07.963717+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550056167.71.56.11622342TCP
                                2024-12-24T03:45:09.262684+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550057167.71.56.11622342TCP
                                2024-12-24T03:45:09.262684+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550057167.71.56.11622342TCP
                                2024-12-24T03:45:10.482980+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550058167.71.56.11622342TCP
                                2024-12-24T03:45:10.482980+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550058167.71.56.11622342TCP
                                2024-12-24T03:45:11.706340+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550059167.71.56.11622342TCP
                                2024-12-24T03:45:11.706340+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550059167.71.56.11622342TCP
                                2024-12-24T03:45:12.916823+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550060167.71.56.11622342TCP
                                2024-12-24T03:45:12.916823+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550060167.71.56.11622342TCP
                                2024-12-24T03:45:14.160163+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550061167.71.56.11622342TCP
                                2024-12-24T03:45:14.160163+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550061167.71.56.11622342TCP
                                2024-12-24T03:45:15.498213+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550062167.71.56.11622342TCP
                                2024-12-24T03:45:15.498213+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550062167.71.56.11622342TCP
                                2024-12-24T03:45:16.715585+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550063167.71.56.11622342TCP
                                2024-12-24T03:45:16.715585+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550063167.71.56.11622342TCP
                                2024-12-24T03:45:17.916878+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550064167.71.56.11622342TCP
                                2024-12-24T03:45:17.916878+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550064167.71.56.11622342TCP
                                2024-12-24T03:45:19.124611+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550065167.71.56.11622342TCP
                                2024-12-24T03:45:19.124611+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550065167.71.56.11622342TCP
                                2024-12-24T03:45:20.327950+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.550066167.71.56.11622342TCP
                                2024-12-24T03:45:20.327950+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.550066167.71.56.11622342TCP
                                2024-12-24T03:45:20.567494+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.550066167.71.56.11622342TCP
                                Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                Dec 24, 2024 03:43:19.639328003 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:19.758547068 CET2234249803167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:19.758882999 CET2234249809167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:19.758981943 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:19.765068054 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:19.884622097 CET2234249809167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:19.884722948 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:20.004336119 CET2234249809167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:20.004426956 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:20.124109983 CET2234249809167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:20.822928905 CET2234249809167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:20.823101044 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:22.827373028 CET4980922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:22.839835882 CET4982122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:22.947043896 CET2234249809167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:22.959438086 CET2234249821167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:22.959518909 CET4982122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:22.960273027 CET4982122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:23.079838991 CET2234249821167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:23.080235958 CET4982122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:23.199882984 CET2234249821167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:24.024162054 CET2234249821167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:24.024234056 CET4982122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:25.905648947 CET4982122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:25.906061888 CET4982722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:26.025372028 CET2234249821167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:26.025743961 CET2234249827167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:26.025840044 CET4982722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:26.026530027 CET4982722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:26.146842003 CET2234249827167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:26.146994114 CET4982722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:26.266659975 CET2234249827167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:27.095182896 CET2234249827167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:27.095253944 CET4982722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:28.843146086 CET4982722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:28.843561888 CET4983822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:28.962764978 CET2234249827167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:28.963238955 CET2234249838167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:28.963422060 CET4983822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:28.964168072 CET4983822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:29.083767891 CET2234249838167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:29.083848953 CET4983822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:29.203748941 CET2234249838167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:30.031864882 CET2234249838167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:30.031948090 CET4983822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:31.671307087 CET4983822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:31.671605110 CET4984422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:31.791295052 CET2234249838167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:31.791331053 CET2234249844167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:31.791479111 CET4984422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:31.792460918 CET4984422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:31.911959887 CET2234249844167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:31.912209988 CET4984422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:32.032130957 CET2234249844167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:32.855138063 CET2234249844167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:32.855294943 CET4984422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:34.374290943 CET4984422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:34.374727011 CET4985022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:34.494018078 CET2234249844167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:34.494201899 CET2234249850167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:34.494309902 CET4985022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:34.495186090 CET4985022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:34.614671946 CET2234249850167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:34.614794016 CET4985022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:34.734442949 CET2234249850167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:35.558032990 CET2234249850167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:35.558106899 CET4985022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:36.983581066 CET4985022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:36.983999014 CET4985522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:37.138780117 CET2234249850167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:37.138803005 CET2234249855167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:37.138988018 CET4985522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:37.140389919 CET4985522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:37.260123968 CET2234249855167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:37.260262012 CET4985522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:37.379770041 CET2234249855167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:38.205540895 CET2234249855167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:38.205687046 CET4985522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:39.530385017 CET4985522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:39.530760050 CET4986422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:39.649924040 CET2234249855167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:39.650249958 CET2234249864167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:39.650312901 CET4986422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:39.651283979 CET4986422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:39.770819902 CET2234249864167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:39.770921946 CET4986422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:39.890491009 CET2234249864167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:40.719006062 CET2234249864167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:40.720160961 CET4986422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:41.969252110 CET4986422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:41.969839096 CET4987222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:42.088836908 CET2234249864167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:42.089411974 CET2234249872167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:42.089551926 CET4987222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:42.091237068 CET4987222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:42.210880041 CET2234249872167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:42.210982084 CET4987222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:42.331384897 CET2234249872167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:43.155756950 CET2234249872167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:43.155819893 CET4987222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:44.311717033 CET4987222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:44.312167883 CET4987822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:44.431435108 CET2234249872167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:44.431647062 CET2234249878167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:44.431790113 CET4987822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:44.432816982 CET4987822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:44.552268982 CET2234249878167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:44.552963018 CET4987822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:44.672534943 CET2234249878167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:45.495562077 CET2234249878167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:45.495784998 CET4987822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:46.592888117 CET4987822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:46.593285084 CET4988422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:46.712629080 CET2234249878167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:46.712817907 CET2234249884167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:46.712881088 CET4988422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:46.714076042 CET4988422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:46.833548069 CET2234249884167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:46.833710909 CET4988422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:46.953440905 CET2234249884167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:47.776396990 CET2234249884167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:47.776500940 CET4988422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:48.780405998 CET4988422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:48.780993938 CET4989022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:48.900213957 CET2234249884167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:48.900846004 CET2234249890167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:48.900994062 CET4989022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:48.940558910 CET4989022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:49.060132027 CET2234249890167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:49.060343027 CET4989022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:49.181072950 CET2234249890167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:49.968728065 CET2234249890167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:49.968811035 CET4989022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:50.905436993 CET4989022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:50.905895948 CET4989622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:51.025170088 CET2234249890167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:51.025355101 CET2234249896167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:51.025437117 CET4989622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:51.028646946 CET4989622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:51.148185968 CET2234249896167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:51.148261070 CET4989622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:51.269179106 CET2234249896167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:52.089844942 CET2234249896167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:52.089942932 CET4989622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:52.967865944 CET4989622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:52.968229055 CET4990222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:53.087727070 CET2234249896167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:53.087762117 CET2234249902167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:53.087857962 CET4990222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:53.088885069 CET4990222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:53.208462000 CET2234249902167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:53.208601952 CET4990222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:53.328232050 CET2234249902167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:54.152012110 CET2234249902167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:54.152139902 CET4990222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:54.969032049 CET4990222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:54.970489979 CET4990822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:55.089617968 CET2234249902167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:55.090038061 CET2234249908167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:55.090214968 CET4990822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:55.091465950 CET4990822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:55.212065935 CET2234249908167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:55.216134071 CET4990822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:55.336128950 CET2234249908167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:56.161418915 CET2234249908167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:56.161567926 CET4990822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:56.938700914 CET4990822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:56.939188004 CET4991122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:57.058165073 CET2234249908167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:57.058654070 CET2234249911167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:57.058753967 CET4991122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:57.059789896 CET4991122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:57.181466103 CET2234249911167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:57.184169054 CET4991122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:57.305675030 CET2234249911167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:58.128096104 CET2234249911167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:58.128369093 CET4991122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:58.869865894 CET4991122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:58.870666981 CET4991522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:58.989384890 CET2234249911167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:58.990062952 CET2234249915167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:58.990132093 CET4991522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:58.997569084 CET4991522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:59.117111921 CET2234249915167.71.56.116192.168.2.5
                                Dec 24, 2024 03:43:59.117171049 CET4991522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:43:59.236696005 CET2234249915167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:00.054264069 CET2234249915167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:00.054371119 CET4991522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:00.717819929 CET4991522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:00.718194962 CET4992122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:00.881242990 CET2234249915167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:00.881268978 CET2234249921167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:00.881371975 CET4992122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:00.883733988 CET4992122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:01.003160954 CET2234249921167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:01.006220102 CET4992122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:01.125720978 CET2234249921167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:01.945458889 CET2234249921167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:01.945534945 CET4992122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:02.579387903 CET4992122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:02.579668045 CET4992722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:02.699028969 CET2234249921167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:02.699148893 CET2234249927167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:02.699261904 CET4992722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:02.699784994 CET4992722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:02.819353104 CET2234249927167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:02.819431067 CET4992722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:02.938991070 CET2234249927167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:03.766463995 CET2234249927167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:03.766530991 CET4992722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:04.366779089 CET4992722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:04.367136955 CET4993222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:04.486332893 CET2234249927167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:04.486572027 CET2234249932167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:04.486666918 CET4993222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:04.487221956 CET4993222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:04.606646061 CET2234249932167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:04.608205080 CET4993222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:04.727710962 CET2234249932167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:05.554316998 CET2234249932167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:05.554378986 CET4993222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:06.108398914 CET4993222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:06.108691931 CET4993522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:06.227837086 CET2234249932167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:06.228130102 CET2234249935167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:06.228267908 CET4993522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:06.250790119 CET4993522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:06.370342970 CET2234249935167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:06.370465994 CET4993522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:06.489903927 CET2234249935167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:07.291582108 CET2234249935167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:07.291635036 CET4993522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:07.803390980 CET4993522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:07.803836107 CET4994022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:07.922816038 CET2234249935167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:07.923347950 CET2234249940167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:07.923432112 CET4994022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:07.924340010 CET4994022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:08.045253038 CET2234249940167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:08.045372963 CET4994022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:08.166344881 CET2234249940167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:09.014683962 CET2234249940167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:09.014770031 CET4994022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:09.499275923 CET4994022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:09.499646902 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:09.618772030 CET2234249940167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:09.619082928 CET2234249945167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:09.619148016 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:09.619729042 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:09.739223003 CET2234249945167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:09.739269018 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:09.858762980 CET2234249945167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:10.683661938 CET2234249945167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:10.684072971 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.124036074 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.124326944 CET4994822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.467753887 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.468190908 CET2234249945167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:11.468205929 CET2234249948167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:11.468302011 CET4994822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.468913078 CET4994822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.587449074 CET2234249945167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:11.587563038 CET4994522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.588325977 CET2234249948167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:11.588396072 CET4994822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:11.707848072 CET2234249948167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:12.546797037 CET2234249948167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:12.546880960 CET4994822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:12.967964888 CET4994822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:12.968286037 CET4995422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:13.087426901 CET2234249948167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:13.087750912 CET2234249954167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:13.087852955 CET4995422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:13.088468075 CET4995422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:55.845236063 CET2234250046167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:56.686033964 CET2234250046167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:56.690248966 CET5004622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:56.749212980 CET5004622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:56.751182079 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:56.868789911 CET2234250046167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:56.870688915 CET2234250047167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:56.874962091 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:56.875911951 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:56.995424032 CET2234250047167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:56.998230934 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:57.131597042 CET2234250047167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:57.342983007 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:57.462605000 CET2234250047167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:57.939362049 CET2234250047167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:57.939450026 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:57.983849049 CET5004722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:57.984534979 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:58.103406906 CET2234250047167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:58.104085922 CET2234250048167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:58.104173899 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:58.104743004 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:58.224278927 CET2234250048167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:58.224404097 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:58.344135046 CET2234250048167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:58.673978090 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:58.793665886 CET2234250048167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:59.173089981 CET2234250048167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:59.173190117 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.217736959 CET5004822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.218100071 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.337251902 CET2234250048167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:59.337553978 CET2234250049167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:59.337745905 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.338648081 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.458101988 CET2234250049167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:59.458317041 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.577872992 CET2234250049167.71.56.116192.168.2.5
                                Dec 24, 2024 03:44:59.718681097 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:44:59.838201046 CET2234250049167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:00.404632092 CET2234250049167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:00.404731989 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:00.452033997 CET5004922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:00.452501059 CET5005022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:00.571508884 CET2234250049167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:00.572053909 CET2234250050167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:00.576076031 CET5005022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:00.577960968 CET5005022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:00.697511911 CET2234250050167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:00.697572947 CET5005022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:00.817226887 CET2234250050167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:01.649081945 CET2234250050167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:01.650233984 CET5005022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:01.686434984 CET5005022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:01.690104008 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:01.806016922 CET2234250050167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:01.809631109 CET2234250051167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:01.810431957 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:01.811232090 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:01.930838108 CET2234250051167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:01.932106972 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:02.051788092 CET2234250051167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:02.573559046 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:02.693471909 CET2234250051167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:02.874141932 CET2234250051167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:02.874233961 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:02.920784950 CET5005122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:02.921184063 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:03.040323973 CET2234250051167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:03.040610075 CET2234250052167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:03.040688992 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:03.041537046 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:03.160970926 CET2234250052167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:03.161151886 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:03.280670881 CET2234250052167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:03.282063007 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:03.401525974 CET2234250052167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:04.112489939 CET2234250052167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:04.114433050 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:04.155739069 CET5005222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:04.158307076 CET5005322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:04.275418997 CET2234250052167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:04.277761936 CET2234250053167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:04.277913094 CET5005322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:04.278873920 CET5005322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:04.398396015 CET2234250053167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:04.398488045 CET5005322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:04.517999887 CET2234250053167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:05.351277113 CET2234250053167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:05.351394892 CET5005322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:05.389653921 CET5005322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:05.390595913 CET5005422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:05.509376049 CET2234250053167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:05.510309935 CET2234250054167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:05.511006117 CET5005422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:05.512106895 CET5005422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:05.631495953 CET2234250054167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:05.631737947 CET5005422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:05.751251936 CET2234250054167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:06.575464010 CET2234250054167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:06.575527906 CET5005422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:06.609211922 CET5005422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:06.612416983 CET5005522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:06.728904009 CET2234250054167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:06.731964111 CET2234250055167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:06.732048035 CET5005522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:06.733095884 CET5005522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:06.852551937 CET2234250055167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:06.852650881 CET5005522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:06.972198963 CET2234250055167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:07.808325052 CET2234250055167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:07.810126066 CET5005522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:07.842796087 CET5005522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:07.843280077 CET5005622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:07.962543011 CET2234250055167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:07.962810993 CET2234250056167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:07.962923050 CET5005622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:07.963716984 CET5005622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:08.083416939 CET2234250056167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:08.083492994 CET5005622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:08.203130007 CET2234250056167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:09.028553963 CET2234250056167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:09.028677940 CET5005622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:09.062933922 CET5005622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:09.063316107 CET5005722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:09.261548042 CET2234250056167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:09.261600971 CET2234250057167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:09.261749983 CET5005722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:09.262684107 CET5005722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:09.384536028 CET2234250057167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:09.384654999 CET5005722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:09.504390001 CET2234250057167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:10.328217983 CET2234250057167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:10.328285933 CET5005722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:10.359973907 CET5005722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:10.362358093 CET5005822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:10.479680061 CET2234250057167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:10.481987000 CET2234250058167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:10.482086897 CET5005822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:10.482980013 CET5005822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:10.602565050 CET2234250058167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:10.602766037 CET5005822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:10.722465992 CET2234250058167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:11.549957991 CET2234250058167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:11.550219059 CET5005822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:11.580199003 CET5005822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:11.580586910 CET5005922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:11.699743032 CET2234250058167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:11.700026989 CET2234250059167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:11.700103998 CET5005922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:11.706340075 CET5005922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:11.825974941 CET2234250059167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:11.828125000 CET5005922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:11.947860956 CET2234250059167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:12.764564991 CET2234250059167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:12.764651060 CET5005922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:12.795761108 CET5005922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:12.796113014 CET5006022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:12.915416956 CET2234250059167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:12.915601015 CET2234250060167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:12.915750027 CET5006022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:12.916822910 CET5006022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:13.036281109 CET2234250060167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:13.040040016 CET5006022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:13.159585953 CET2234250060167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:13.983272076 CET2234250060167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:13.983364105 CET5006022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:14.014692068 CET5006022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:14.039658070 CET5006122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:14.134306908 CET2234250060167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:14.159231901 CET2234250061167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:14.159331083 CET5006122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:14.160162926 CET5006122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:14.279706955 CET2234250061167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:14.279803991 CET5006122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:14.399386883 CET2234250061167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:15.223442078 CET2234250061167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:15.223592997 CET5006122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:15.374366999 CET5006122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:15.374793053 CET5006222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:15.494019985 CET2234250061167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:15.494306087 CET2234250062167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:15.494381905 CET5006222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:15.498213053 CET5006222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:15.617902040 CET2234250062167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:15.617969990 CET5006222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:15.737662077 CET2234250062167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:16.562777996 CET2234250062167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:16.564068079 CET5006222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:16.592611074 CET5006222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:16.592905045 CET5006322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:16.712263107 CET2234250062167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:16.712433100 CET2234250063167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:16.712764978 CET5006322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:16.715584993 CET5006322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:16.835139036 CET2234250063167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:16.837263107 CET5006322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:16.957133055 CET2234250063167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:17.780714035 CET2234250063167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:17.780795097 CET5006322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:17.795870066 CET5006322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:17.796376944 CET5006422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:17.915492058 CET2234250063167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:17.915919065 CET2234250064167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:17.916074038 CET5006422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:17.916877985 CET5006422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:18.036520958 CET2234250064167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:18.036619902 CET5006422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:18.156294107 CET2234250064167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:18.982906103 CET2234250064167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:18.984028101 CET5006422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:18.998847961 CET5006422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:19.000766993 CET5006522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:19.118489981 CET2234250064167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:19.120383024 CET2234250065167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:19.124008894 CET5006522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:19.124610901 CET5006522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:19.244129896 CET2234250065167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:19.244266987 CET5006522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:19.363874912 CET2234250065167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:20.186839104 CET2234250065167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:20.186912060 CET5006522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.202523947 CET5006522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.204206944 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.322135925 CET2234250065167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:20.323787928 CET2234250066167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:20.323858976 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.327950001 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.447652102 CET2234250066167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:20.447776079 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.567421913 CET2234250066167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:20.567493916 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:20.687127113 CET2234250066167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:21.388793945 CET2234250066167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:21.392023087 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:21.405085087 CET5006622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:21.405359030 CET5006722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:21.524657965 CET2234250066167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:21.524976015 CET2234250067167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:21.525118113 CET5006722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:21.525677919 CET5006722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:21.645272017 CET2234250067167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:21.645363092 CET5006722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:21.765176058 CET2234250067167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:22.593254089 CET2234250067167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:22.593396902 CET5006722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:22.642764091 CET5006722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:22.643177986 CET5006822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:22.762563944 CET2234250067167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:22.762712955 CET2234250068167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:22.762864113 CET5006822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:22.769407034 CET5006822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:22.889097929 CET2234250068167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:22.889349937 CET5006822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:23.009185076 CET2234250068167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:23.835278988 CET2234250068167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:23.835438967 CET5006822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:23.858442068 CET5006822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:23.858706951 CET5006922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:23.978169918 CET2234250068167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:23.978295088 CET2234250069167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:23.978367090 CET5006922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:23.979394913 CET5006922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:24.172465086 CET2234250069167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:24.172521114 CET5006922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:24.294640064 CET2234250069167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:25.117381096 CET2234250069167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:25.120093107 CET5006922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:25.139576912 CET5006922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:25.139831066 CET5007022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:25.259129047 CET2234250069167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:25.259344101 CET2234250070167.71.56.116192.168.2.5
                                Dec 24, 2024 03:45:25.259612083 CET5007022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:45:25.260034084 CET5007022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:03.717900038 CET5010122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:03.718190908 CET5010222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:03.837451935 CET2234250101167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:03.837676048 CET2234250102167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:03.837770939 CET5010222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:03.838310003 CET5010222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:03.957900047 CET2234250102167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:03.958004951 CET5010222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:04.077631950 CET2234250102167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:04.902367115 CET2234250102167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:04.906099081 CET5010222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:04.920630932 CET5010222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:04.920993090 CET5010322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:05.040158033 CET2234250102167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:05.040519953 CET2234250103167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:05.040657043 CET5010322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:05.041529894 CET5010322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:05.161096096 CET2234250103167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:05.162060976 CET5010322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:05.281707048 CET2234250103167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:06.106869936 CET2234250103167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:06.106941938 CET5010322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:06.123796940 CET5010322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:06.124386072 CET5010422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:06.243371964 CET2234250103167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:06.243889093 CET2234250104167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:06.243988991 CET5010422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:06.244539976 CET5010422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:06.365154982 CET2234250104167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:06.366180897 CET5010422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:06.486392975 CET2234250104167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:07.312721014 CET2234250104167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:07.314114094 CET5010422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:07.326977968 CET5010422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:07.327167988 CET5010522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:07.446603060 CET2234250104167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:07.446657896 CET2234250105167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:07.446744919 CET5010522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:07.447304964 CET5010522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:07.566911936 CET2234250105167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:07.568262100 CET5010522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:07.687926054 CET2234250105167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:08.515688896 CET2234250105167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:08.515805960 CET5010522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:08.530051947 CET5010522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:08.530464888 CET5010622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:08.649682045 CET2234250105167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:08.650001049 CET2234250106167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:08.650080919 CET5010622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:08.650804996 CET5010622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:08.770337105 CET2234250106167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:08.770462990 CET5010622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:08.890114069 CET2234250106167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:09.755903959 CET2234250106167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:09.756027937 CET5010622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:09.764414072 CET5010622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:09.764728069 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:09.885561943 CET2234250106167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:09.885656118 CET2234250107167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:09.885795116 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:09.886639118 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:10.007683992 CET2234250107167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:10.008033037 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:10.129405975 CET2234250107167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:10.523202896 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:10.643198013 CET2234250107167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:10.954551935 CET2234250107167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:10.954646111 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:10.967535973 CET5010722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:10.967947960 CET5010822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:11.087187052 CET2234250107167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:11.087488890 CET2234250108167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:11.087567091 CET5010822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:11.088603020 CET5010822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:11.208139896 CET2234250108167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:11.208288908 CET5010822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:11.328018904 CET2234250108167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:12.152261972 CET2234250108167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:12.154129028 CET5010822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:12.170708895 CET5010822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:12.171086073 CET5010922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:12.290332079 CET2234250108167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:12.290633917 CET2234250109167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:12.290806055 CET5010922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:12.291593075 CET5010922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:12.411149025 CET2234250109167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:12.411222935 CET5010922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:12.530920029 CET2234250109167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:13.357316971 CET2234250109167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:13.357430935 CET5010922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:13.373821974 CET5010922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:13.377624989 CET5011022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:13.493406057 CET2234250109167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:13.497208118 CET2234250110167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:13.497345924 CET5011022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:13.513077974 CET5011022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:13.632855892 CET2234250110167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:13.632968903 CET5011022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:13.752651930 CET2234250110167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:14.565586090 CET2234250110167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:14.568028927 CET5011022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:14.570333958 CET5011022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:14.570899963 CET5011122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:14.690097094 CET2234250110167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:14.690432072 CET2234250111167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:14.690515041 CET5011122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:14.691427946 CET5011122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:14.811042070 CET2234250111167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:14.811105013 CET5011122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:14.931128979 CET2234250111167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:15.754221916 CET2234250111167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:15.755980968 CET5011122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:15.756320953 CET5011122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:15.758826971 CET5011222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:15.875998974 CET2234250111167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:15.878457069 CET2234250112167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:15.878608942 CET5011222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:15.879354000 CET5011222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:15.998982906 CET2234250112167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:15.999953985 CET5011222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:16.119785070 CET2234250112167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:16.946835041 CET2234250112167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:16.947002888 CET5011222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:16.949232101 CET5011222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:16.949600935 CET5011322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:17.068979979 CET2234250112167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:17.069127083 CET2234250113167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:17.069261074 CET5011322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:17.070069075 CET5011322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:17.189757109 CET2234250113167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:17.189934969 CET5011322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:17.309830904 CET2234250113167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:18.139039993 CET2234250113167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:18.139148951 CET5011322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.139276981 CET5011322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.142887115 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.259093046 CET2234250113167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:18.262478113 CET2234250114167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:18.262598991 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.266432047 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.386171103 CET2234250114167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:18.386286974 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.506056070 CET2234250114167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:18.506143093 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:18.625694036 CET2234250114167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:19.326628923 CET2234250114167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:19.326778889 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:19.326927900 CET5011422342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:19.327274084 CET5011522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:19.446568966 CET2234250114167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:19.446857929 CET2234250115167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:19.447021008 CET5011522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:19.447943926 CET5011522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:19.567507029 CET2234250115167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:19.572040081 CET5011522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:19.691673994 CET2234250115167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:20.511085033 CET2234250115167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:20.511172056 CET5011522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:20.512021065 CET5011522342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:20.516750097 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:20.631587982 CET2234250115167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:20.636368990 CET2234250116167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:20.636557102 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:20.637358904 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:20.756866932 CET2234250116167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:20.757045031 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:20.877578020 CET2234250116167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:21.163214922 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:21.282834053 CET2234250116167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:21.705096960 CET2234250116167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:21.706315994 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:21.706515074 CET5011622342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:21.706892967 CET5011722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:21.826015949 CET2234250116167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:21.826407909 CET2234250117167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:21.826488018 CET5011722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:21.827327013 CET5011722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:21.946840048 CET2234250117167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:21.950720072 CET5011722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:22.070409060 CET2234250117167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:22.891395092 CET2234250117167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:22.891540051 CET5011722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:22.892093897 CET5011722342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:22.892400980 CET5011822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:23.011573076 CET2234250117167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:23.011928082 CET2234250118167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:23.012012959 CET5011822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:23.012599945 CET5011822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:23.132134914 CET2234250118167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:23.132344961 CET5011822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:23.251975060 CET2234250118167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:24.084656954 CET2234250118167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:24.084759951 CET5011822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:24.086561918 CET5011822342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:24.087002993 CET5011922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:24.206176996 CET2234250118167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:24.206587076 CET2234250119167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:24.206810951 CET5011922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:24.207496881 CET5011922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:24.327179909 CET2234250119167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:24.327279091 CET5011922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:24.447052002 CET2234250119167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:25.276141882 CET2234250119167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:25.276281118 CET5011922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:25.276921988 CET5011922342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:25.280098915 CET5012022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:25.398339987 CET2234250119167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:25.401637077 CET2234250120167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:25.401735067 CET5012022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:25.402622938 CET5012022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:25.522100925 CET2234250120167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:25.522195101 CET5012022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:25.641849995 CET2234250120167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:26.493707895 CET2234250120167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:26.495969057 CET5012022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:26.498759031 CET5012022342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:26.499186039 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:26.618320942 CET2234250120167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:26.618710041 CET2234250121167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:26.618879080 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:26.619599104 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:26.739218950 CET2234250121167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:26.742254019 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:26.861965895 CET2234250121167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:27.442554951 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:27.562171936 CET2234250121167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:27.685966015 CET2234250121167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:27.686242104 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:27.686511040 CET5012122342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:27.686912060 CET5012222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:27.806207895 CET2234250121167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:27.806410074 CET2234250122167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:27.806610107 CET5012222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:27.807152987 CET5012222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:27.926763058 CET2234250122167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:27.926902056 CET5012222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:28.047100067 CET2234250122167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:28.870069027 CET2234250122167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:28.871985912 CET5012222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:28.873403072 CET5012222342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:28.873765945 CET5012322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:28.993019104 CET2234250122167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:28.993305922 CET2234250123167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:28.993424892 CET5012322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:28.994041920 CET5012322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:29.113656998 CET2234250123167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:29.113749027 CET5012322342192.168.2.5167.71.56.116
                                Dec 24, 2024 03:46:29.311219931 CET2234250123167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:30.061492920 CET2234250123167.71.56.116192.168.2.5
                                Dec 24, 2024 03:46:30.061943054 CET5012322342192.168.2.5167.71.56.116

                                Target ID: 0
                                Start time: 21:42:22
                                Start date: 23/12/2024
                                Path: C:\Users\user\Desktop\a1K847qsM0.exe
                                Wow64 process (32bit): true
                                Commandline: "C:\Users\user\Desktop\a1K847qsM0.exe"
                                Imagebase: 0xd20000
                                File size: 95'232 bytes
                                MD5 hash: 55E2016FCB659BDF0F46A24EF2876609
                                Has elevated privileges: true
                                Has administrator privileges: true
                                Programmed in: C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000002.2090087518.0000000004458000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                                • Rule: Njrat, Description: detect njRAT in memory, Source: 00000000.00000000.2063530458.0000000000D22000.00000002.00000001.01000000.00000003.sdmp, Author: JPCERT/CC Incident Response Group
                                Reputation: low
                                Has exited: true

                                Target ID: 2
                                Start time: 21:42:23
                                Start date: 23/12/2024
                                Path: C:\Users\user\AppData\Local\Temp\server.exe
                                Wow64 process (32bit): true
                                Commandline: "C:\Users\user\AppData\Local\Temp\server.exe"
                                Imagebase: 0xf0000
                                File size: 95'232 bytes
                                MD5 hash: 55E2016FCB659BDF0F46A24EF2876609
                                Has elevated privileges: true
                                Has administrator privileges: true
                                Programmed in: C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000002.00000002.4534386921.00000000026E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\server.exe, Author: ditekSHen
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 87%, ReversingLabs
                                Reputation:low
                                Has exited:false

                                Target ID:3
                                Start time:21:42:26
                                Start date:23/12/2024
                                Path:C:\Windows\SysWOW64\netsh.exe
                                Wow64 process (32bit):true
                                Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
                                Imagebase:0x1080000
                                File size:82'432 bytes
                                MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:4
                                Start time:21:42:26
                                Start date:23/12/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:5
                                Start time:21:42:28
                                Start date:23/12/2024
                                Path:C:\Windows\SysWOW64\netsh.exe
                                Wow64 process (32bit):true
                                Commandline:netsh firewall delete allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe"
                                Imagebase:0x1080000
                                File size:82'432 bytes
                                MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:6
                                Start time:21:42:28
                                Start date:23/12/2024
                                Path:C:\Windows\SysWOW64\netsh.exe
                                Wow64 process (32bit):true
                                Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\server.exe" "server.exe" ENABLE
                                Imagebase:0x1080000
                                File size:82'432 bytes
                                MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:7
                                Start time:21:42:28
                                Start date:23/12/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:8
                                Start time:21:42:28
                                Start date:23/12/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6d64d0000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:10
                                Start time:21:42:41
                                Start date:23/12/2024
                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe"
                                Imagebase:0x9c0000
                                File size:95'232 bytes
                                MD5 hash:55E2016FCB659BDF0F46A24EF2876609
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe, Author: ditekSHen
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 87%, ReversingLabs
                                Reputation:low
                                Has exited:true

                                Target ID:13
                                Start time:21:42:42
                                Start date:23/12/2024
                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\24983f03fb74576bbc5af6aa1085b23dWindows Update.exe"
                                Imagebase:0xc70000
                                File size:95'232 bytes
                                MD5 hash:55E2016FCB659BDF0F46A24EF2876609
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                Target ID:14
                                Start time:21:42:50
                                Start date:23/12/2024
                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Explower.exe"
                                Imagebase:0xd20000
                                File size:95'232 bytes
                                MD5 hash:55E2016FCB659BDF0F46A24EF2876609
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Antivirus matches:
                                • Detection: 87%, ReversingLabs
                                Reputation:low
                                Has exited:true

                                Target ID:15
                                Start time:21:42:58
                                Start date:23/12/2024
                                Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe"
                                Imagebase:0xed0000
                                File size:95'232 bytes
                                MD5 hash:55E2016FCB659BDF0F46A24EF2876609
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: Joe Security
                                • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: unknown
                                • Rule: CN_disclosed_20180208_c, Description: Detects malware from disclosed CN malware set, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: Florian Roth
                                • Rule: crimeware_njrat_strings, Description: Detects njRAT based on some strings, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: Sekoia.io
                                • Rule: Njrat, Description: detect njRAT in memory, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: JPCERT/CC Incident Response Group
                                • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Corporation.exe, Author: ditekSHen
                                Antivirus matches:
                                • Detection: 100%, Avira
                                • Detection: 100%, Joe Sandbox ML
                                • Detection: 87%, ReversingLabs
                                Reputation:low
                                Has exited:true


                                  Execution Graph

                                  Execution Coverage:2.5%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:0%
                                  Total number of Nodes:58
                                  Total number of Limit Nodes:4

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  • Opcode ID: 90d965ee7b5fb50a6b1766fc8ab278809be6dd5706e0db9fcdc3a483820e1950
                                  • Instruction ID: 1a89b326751c7377224fcf809f5078147a8f3b9ebe2f743308e6faf7ea91642d
                                  • Opcode Fuzzy Hash: 90d965ee7b5fb50a6b1766fc8ab278809be6dd5706e0db9fcdc3a483820e1950
                                  • Instruction Fuzzy Hash: 7F233A74A01228CFEB25DF74D954BA9B7B6FB49308F1041E9D509AB3A1DB399E81CF40

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: e45557faf04fd2d05225fceff2ccf87b310b247981596b39e68cff5b1becbb54
                                  • Instruction ID: 0073fece7f74bbe8390c7dde38dfa5f82e5241e0c0de42b2ec4711dc6a20f5e0
                                  • Opcode Fuzzy Hash: e45557faf04fd2d05225fceff2ccf87b310b247981596b39e68cff5b1becbb54
                                  • Instruction Fuzzy Hash: 85134E74A01228CFEB25DF74D954BA9B7B6FB49308F1041E9D509AB3A1DB399E81CF40

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 5]Hk^$E]Hk^
                                  • API String ID: 0-806510779
                                  • Opcode ID: d3b9b746fe86bf1a65c75fab7310e2e7db0456d6c283a84e7f680d2a93997e60
                                  • Instruction ID: 6907811f7746220f1548364a4d29c9523380694b6375ebbb93b2d588fa74e85f
                                  • Opcode Fuzzy Hash: d3b9b746fe86bf1a65c75fab7310e2e7db0456d6c283a84e7f680d2a93997e60
                                  • Instruction Fuzzy Hash: 2831D632B043409FD715DBBA9461BAE3BA7ABC6258B1449BED105CF3A1CF798C05C791

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 5]Hk^$E]Hk^
                                  • API String ID: 0-806510779
                                  • Opcode ID: 6e198aa89f681ddd5eece73a5a36b087499ea96ef7d9148b0c3fe50b43e16634
                                  • Instruction ID: 0c15754817a35d7a3ba025506fb7c72c0c6ae3ba3f9b9f0d8520de14d42590ef
                                  • Opcode Fuzzy Hash: 6e198aa89f681ddd5eece73a5a36b087499ea96ef7d9148b0c3fe50b43e16634
                                  • Instruction Fuzzy Hash: 3B1186327042418FD726D7BEA451AAE37A7ABC625871448BED005CF365CF7D8C05D7A2

                                  APIs
                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 013FAB25
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 595e62cc78ae9f123287c92fa86282212abecf863a7b86ef74f849980915f229
                                  • Instruction ID: 5e1770964362ce902c8deeed8ab2e7ae7d398a987d07f3d9039a5845aaa263a0
                                  • Opcode Fuzzy Hash: 595e62cc78ae9f123287c92fa86282212abecf863a7b86ef74f849980915f229
                                  • Instruction Fuzzy Hash: 5C318071508344AFE722CF25CC84F56BFF8EF05214F08889EE9898B652D365E808CB61

                                  APIs
                                  • CreateMutexW.KERNELBASE(?,?), ref: 013FB0DD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: CreateMutex
                                  • String ID:
                                  • API String ID: 1964310414-0
                                  • Opcode ID: 8845815c07d86fa36b0da0aba4bc563ec7d8b561ebdf27f558aedfb477b38400
                                  • Instruction ID: 68a709bd276156c5b7377ec9dbe2a4e2447ff976a021b42656c0c0f424532c54
                                  • Opcode Fuzzy Hash: 8845815c07d86fa36b0da0aba4bc563ec7d8b561ebdf27f558aedfb477b38400
                                  • Instruction Fuzzy Hash: AF3181B55097806FE712CB25DC45B96FFF8EF06214F08849EE984CB293D365E908C762

                                  APIs
                                  • OleGetClipboard.OLE32(?,00000E24,?,?), ref: 013FA77E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: Clipboard
                                  • String ID:
                                  • API String ID: 220874293-0
                                  • Opcode ID: c05ddd6c83d22901f86e4e09e041c16d32bb6c930dae3491db00fb18ba18591f
                                  • Instruction ID: 5fe2264e079a56d89deb0f70ac6a595dad6d4f684cab0411918ffa52fc67bfb8
                                  • Opcode Fuzzy Hash: c05ddd6c83d22901f86e4e09e041c16d32bb6c930dae3491db00fb18ba18591f
                                  • Instruction Fuzzy Hash: 3E31807554D3C06FD3138B259C61B61BFB4EF47614F0A80CBE884CB6A3D229A919D772

                                  APIs
                                  • WriteFile.KERNELBASE(?,00000E24,CC366C44,00000000,00000000,00000000,00000000), ref: 013FAF0D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: 2158a0da60a08583f82851b4adc16bb657babf52ec418819c749aaec16d50927
                                  • Instruction ID: 92c2f6b0c08be216350e43c8ee016e9320cb77c3bad51c3359f6008ac86c0043
                                  • Opcode Fuzzy Hash: 2158a0da60a08583f82851b4adc16bb657babf52ec418819c749aaec16d50927
                                  • Instruction Fuzzy Hash: 9C21B1B2508380AFD722CB11DD44F96BFB8EF06314F08849AE9849F192D225A508CB65

                                  APIs
                                  • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 013FAB25
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: CreateFile
                                  • String ID:
                                  • API String ID: 823142352-0
                                  • Opcode ID: 612c188be713cb4ba5553871840b4263fee9eb8618f1cfab936c06546d791cd3
                                  • Instruction ID: 311b7a69fc541aa1b665adf1e8b96dff8df93e28b3437b2d15f9c6c2928d2ee3
                                  • Opcode Fuzzy Hash: 612c188be713cb4ba5553871840b4263fee9eb8618f1cfab936c06546d791cd3
                                  • Instruction Fuzzy Hash: BF21AE71604604AFEB21CF29CD84F66FBE8EF04214F04886EEA498B751D375E808CB71

                                  APIs
                                  • SetErrorMode.KERNELBASE(?), ref: 013FAA44
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  • Opcode ID: 5f771fab99338dec1094627715d6a7e6131a1ec6c802c5a0b83ed50041a5b49b
                                  • Instruction ID: aabc418f9f3aa22ae420bfa2b64b98ffec856860c23508b58b975f4f04874a4d
                                  • Opcode Fuzzy Hash: 5f771fab99338dec1094627715d6a7e6131a1ec6c802c5a0b83ed50041a5b49b
                                  • Instruction Fuzzy Hash: 9121366540E7C09FDB138B259D64A51BFB4EF53624B0A80DBD9848F6A3C268980CCB72

                                  APIs
                                  • GetFileType.KERNELBASE(?,00000E24,CC366C44,00000000,00000000,00000000,00000000), ref: 013FACBD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: FileType
                                  • String ID:
                                  • API String ID: 3081899298-0
                                  • Opcode ID: 9b1494e5a2da552a254eef828e36570f8266c2e9abc5c2c189d55e91b8c450f5
                                  • Instruction ID: e9b99fc74b4cc77c6fcf882b6425e92c7dd77b741c63aa2e5b96aafdfc4b4ea0
                                  • Opcode Fuzzy Hash: 9b1494e5a2da552a254eef828e36570f8266c2e9abc5c2c189d55e91b8c450f5
                                  • Instruction Fuzzy Hash: 8021E7B55083806FE7128B15DC40BA2BFBCEF57714F0880DBE984CB293D268A909D775

                                  APIs
                                  • CreateMutexW.KERNELBASE(?,?), ref: 013FB0DD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: CreateMutex
                                  • String ID:
                                  • API String ID: 1964310414-0
                                  • Opcode ID: 65600d709a089cb62359d27d26f4214435bd0dfde40cee625b992157e22ba2e5
                                  • Instruction ID: 07745cfa12b47baead4445920a931fe7f42d17036c29a79046c2cfb97768e235
                                  • Opcode Fuzzy Hash: 65600d709a089cb62359d27d26f4214435bd0dfde40cee625b992157e22ba2e5
                                  • Instruction Fuzzy Hash: F12162B16042449FE720DF29DD45BA6FBE8EF04218F04846EEA45CB746D775E408CB75

                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: Initialize
                                  • String ID:
                                  • API String ID: 2538663250-0
                                  • Opcode ID: ed699b6c9be33191599ffb0bbe1ea33c56df4dfccf6ad42cf34362c0c3981269
                                  • Instruction ID: d3ced6e3a46d69c62625ebc6f765bc7232032858802acf16ff4496588af0c1c7
                                  • Opcode Fuzzy Hash: ed699b6c9be33191599ffb0bbe1ea33c56df4dfccf6ad42cf34362c0c3981269
                                  • Instruction Fuzzy Hash: 4321587150D3C09FDB138B259C94652BFB4DF07224F0984DBD9858F2A3D2699908CBB2

                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FA5DE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 1acc7ce61b7a226697a7a222c0f052eb2601ce4ef8c82bcad1e61708d0c2702f
                                  • Instruction ID: 579c52cdb508d7c91f83268e1a3170aa4b2870926dcfd77cc5c57b47ba1088bf
                                  • Opcode Fuzzy Hash: 1acc7ce61b7a226697a7a222c0f052eb2601ce4ef8c82bcad1e61708d0c2702f
                                  • Instruction Fuzzy Hash: 7111B771408780AFDB228F55DC44A52FFF4EF46314F0888DEED858B553C235A418DB61

                                  APIs
                                  • WriteFile.KERNELBASE(?,00000E24,CC366C44,00000000,00000000,00000000,00000000), ref: 013FAF0D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: FileWrite
                                  • String ID:
                                  • API String ID: 3934441357-0
                                  • Opcode ID: 6fd81bf1637aa8fec26c65c5352abb9d3ff71c41d1972fcb86340adca2bc39ac
                                  • Instruction ID: 78928ac5b96049b2b1031de2d00128ac37168f87822944e3415aa36a869ca777
                                  • Opcode Fuzzy Hash: 6fd81bf1637aa8fec26c65c5352abb9d3ff71c41d1972fcb86340adca2bc39ac
                                  • Instruction Fuzzy Hash: 3A119071504204AFEB21CF55DD44BA6FBE8EF14318F04846AEA498B651C375E4088BB5
                                  APIs
                                  • ShellExecuteExW.SHELL32(?), ref: 013FB480
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: ExecuteShell
                                  • String ID:
                                  • API String ID: 587946157-0
                                  • Opcode ID: a508adb4f469bec8f0660b6c63d5c3332c678e5b5d2b33d9b2513d09f1c5d892
                                  • Instruction ID: 9d0e6d82466842c606ad508fed18672712b1c79b391ccf0f03c5099da5739e54
                                  • Opcode Fuzzy Hash: a508adb4f469bec8f0660b6c63d5c3332c678e5b5d2b33d9b2513d09f1c5d892
                                  • Instruction Fuzzy Hash: 7A1151715093849FD712CF25DD54B52BFB8DF06214F0884AAED45CB252D265E808CB61
                                  APIs
                                  • GetFileType.KERNELBASE(?,00000E24,CC366C44,00000000,00000000,00000000,00000000), ref: 013FACBD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: FileType
                                  • String ID:
                                  • API String ID: 3081899298-0
                                  • Opcode ID: b60cce1ca0cab9ecef95b91752f8b92f1f831dc472f291ee891da7b655c71f88
                                  • Instruction ID: ade8ba3779e8862554794e9c4e4f998c98d82f44c8e0dd05418e656ff4815fb0
                                  • Opcode Fuzzy Hash: b60cce1ca0cab9ecef95b91752f8b92f1f831dc472f291ee891da7b655c71f88
                                  • Instruction Fuzzy Hash: 2301D671504204AFEB20CB05DD84BA6F7ECDF14628F04C06AEE098B741D778E4088AB5
                                  APIs
                                  • ShellExecuteExW.SHELL32(?), ref: 013FB480
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: ExecuteShell
                                  • String ID:
                                  • API String ID: 587946157-0
                                  • Opcode ID: 4a85c2a7b73554b1fea391eaf022987cf3a6b1431e5a0e318269aea85f3407b3
                                  • Instruction ID: 37943783b59cb5abc96ef8830626d3ec74593b8c7235601c363f4aa205df7245
                                  • Opcode Fuzzy Hash: 4a85c2a7b73554b1fea391eaf022987cf3a6b1431e5a0e318269aea85f3407b3
                                  • Instruction Fuzzy Hash: D90140B16042448FDB10CF29DA85756FBE8EF04624F08C4AADE49DB756D779E404CB61
                                  APIs
                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 013FA5DE
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: DuplicateHandle
                                  • String ID:
                                  • API String ID: 3793708945-0
                                  • Opcode ID: 0dcea44dc73e5fd557a0a1e8214834507122c82568259dfd85d7029bcbcfcad1
                                  • Instruction ID: 259496c79d5003c2c2c112f54ec85d87ac4ac166bd4bf26caf5fd3e9692f749b
                                  • Opcode Fuzzy Hash: 0dcea44dc73e5fd557a0a1e8214834507122c82568259dfd85d7029bcbcfcad1
                                  • Instruction Fuzzy Hash: B50139725046049FDB218F59D944B52FBE4EF48624F0888AEDE8A4BA52C376E418DF62
                                  APIs
                                  • OleGetClipboard.OLE32(?,00000E24,?,?), ref: 013FA77E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: Clipboard
                                  • String ID:
                                  • API String ID: 220874293-0
                                  • Opcode ID: d52dea2c428b87dc8f1e6b10b6fc03b56196c57ad39ea994c1d2470e007a5c40
                                  • Instruction ID: bcfebfbcc20b056137d9c6e827d2795b9c1547ec33a549d11a1e975b620b557c
                                  • Opcode Fuzzy Hash: d52dea2c428b87dc8f1e6b10b6fc03b56196c57ad39ea994c1d2470e007a5c40
                                  • Instruction Fuzzy Hash: 1C01A271600600ABD310DF16DC46B66FBE8FB88A20F14815AEC089BB41D735F955CBE5
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: Initialize
                                  • String ID:
                                  • API String ID: 2538663250-0
                                  • Opcode ID: 417e3a4724804a0c176f504b4cae2d2475c2f08523c63bd5ed0fd9ed088ce2f5
                                  • Instruction ID: 3081c8d6ac3ec0707aee71441066c47c427409c9b45d6ec2ff28d0c2b9882524
                                  • Opcode Fuzzy Hash: 417e3a4724804a0c176f504b4cae2d2475c2f08523c63bd5ed0fd9ed088ce2f5
                                  • Instruction Fuzzy Hash: 230162715042449FDB10CF59D984755FBE8EF44229F08C4AADD498F656D379E404CEA2
                                  APIs
                                  • SetErrorMode.KERNELBASE(?), ref: 013FAA44
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: ErrorMode
                                  • String ID:
                                  • API String ID: 2340568224-0
                                  APIs
                                  • CloseHandle.KERNELBASE(00000000), ref: 013FABF0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: CloseHandle
                                  • String ID:
                                  • API String ID: 2962429428-0
                                  APIs
                                  • CloseHandle.KERNELBASE(00000000), ref: 013FABF0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088945125.00000000013FA000.00000040.00000800.00020000.00000000.sdmp, Offset: 013FA000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13fa000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID: CloseHandle
                                  • String ID:
                                  • API String ID: 2962429428-0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089962954.0000000001AF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1af0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089962954.0000000001AF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1af0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089962954.0000000001AF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 01AF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_1af0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088930016.00000000013F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F2000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13f2000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088930016.00000000013F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F2000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13f2000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2089769212.00000000018E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 018E0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_18e0000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2088930016.00000000013F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 013F2000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_13f2000_a1K847qsM0.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:

                                  Execution Graph

                                  Execution Coverage:39.3%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:6.7%
                                  Total number of Nodes:105
                                  Total number of Limit Nodes:6
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: e6d4972aacbc118b8e04ee31137535bcd44d3d11ffacec131ac92ccda6f29cfa
                                  • Instruction ID: 1fafb3c873a3b65ca8dc0cc16f4d3d19fd890217fcde38e3b36b6e8768d71696
                                  • Opcode Fuzzy Hash: e6d4972aacbc118b8e04ee31137535bcd44d3d11ffacec131ac92ccda6f29cfa
                                  • Instruction Fuzzy Hash: 92034E74A01228CFDB25EF34D954BA9B7B2FB49308F1041E9D509AB3A8DB359E85DF40

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: c53b1e9b7d847cb87077e50caf79025fa9a2224d5fa4d29f2ef3189d5d5cb5e3
                                  • Instruction ID: 52082fe70af28013636845105b33f1fc1db892448de4e7e8aafcf5a68ca3a820
                                  • Opcode Fuzzy Hash: c53b1e9b7d847cb87077e50caf79025fa9a2224d5fa4d29f2ef3189d5d5cb5e3
                                  • Instruction Fuzzy Hash: D1034E74A01228CFDB25EF34D954BA9B7B2FB49308F1041E9D509AB3A8DB359E85DF40

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 60f535137a7602d47e8b4dad9cfb07e5321aed87b61b6c8a3267d7e833423a36
                                  • Instruction ID: 6a817f2619594d5188acb7dee38bc9da3223539abdc1c94742f733a71e43ff30
                                  • Opcode Fuzzy Hash: 60f535137a7602d47e8b4dad9cfb07e5321aed87b61b6c8a3267d7e833423a36
                                  • Instruction Fuzzy Hash: 46035F74A01228CFDB25EF34D954BA9B7B2FB49308F1041E9D509AB3A8DB359E85DF40

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 57d179da067e631dc7b0461d7cc83e5c924b7ee476fc647685019c738c6120f9
                                  • Instruction ID: 7b8a337cc9b344615e99173977875817cce664610af52cc5af0bfa3f9d7721be
                                  • Opcode Fuzzy Hash: 57d179da067e631dc7b0461d7cc83e5c924b7ee476fc647685019c738c6120f9
                                  • Instruction Fuzzy Hash: 5DF25E74A01228CFDB25EF34D954BA9B7B2FB49304F1041E9D509AB3A8DB359E85DF80

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: aa5fa3ea351ebeed6316a35876e0c6253990f354656ca30e868866e740248208
                                  • Instruction ID: 4e7bccec8e25d706288e4dd792e6598d4572cac74f13fbf7019ce420854229e5
                                  • Opcode Fuzzy Hash: aa5fa3ea351ebeed6316a35876e0c6253990f354656ca30e868866e740248208
                                  • Instruction Fuzzy Hash: 67F26E74A01228CFDB25EF34D954BA9B7B2FB49304F1041E9D509AB3A8DB359E85DF80

                                  Control-flow Graph

                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: bb35aabad439ea74e6cf8caa66d5fe686ffadbd1a59fd94fb1779baf4e473d5f
                                  • Instruction ID: d6855141f5ef3bf5fe0dfc3a96d7d77dc5c4f501dfa96768b9ac889676dc7dec
                                  • Opcode Fuzzy Hash: bb35aabad439ea74e6cf8caa66d5fe686ffadbd1a59fd94fb1779baf4e473d5f
                                  • Instruction Fuzzy Hash: 49F26E74A01228CFDB25EF34D954BA9B7B2FB49304F1041E9D509AB3A8DB359E85DF80

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 9f1ffde494460ff6ca6f2465483ced7ac9025f47ed87d27f891dffd84a395630
                                  • Instruction ID: e7adcb7a260299f4fa944a8e0613808fd28d6da147f0554afefaceaaf496e48f
                                  • Opcode Fuzzy Hash: 9f1ffde494460ff6ca6f2465483ced7ac9025f47ed87d27f891dffd84a395630
                                  • Instruction Fuzzy Hash: F2F26E74A01228CFDB25EF34D954BA9B7B2FB49304F1041E9D509AB3A8DB359E85DF80

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 6b60a2d8e60870181b46b589c3601b99f756ada6f91e6b3c049ccdbc6accdbf0
                                  • Instruction ID: 047515718f0d4fbbdda5cf9aee63585b515e7c15cd8368f56bbe790b53abeb2e
                                  • Opcode Fuzzy Hash: 6b60a2d8e60870181b46b589c3601b99f756ada6f91e6b3c049ccdbc6accdbf0
                                  • Instruction Fuzzy Hash: 6AF26E74A01228CFDB25EF34D954BA9B7B2FB49304F1041E9D509AB3A8DB359E85DF80

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 5d4cd7e715dc402522cbee30e6ba29d8b5f7bd32abe02bc71de4d58ce3559af5
                                  • Instruction ID: 1705c71544d04c1df339b412a5c4f2d9850aac84846352bf1ac10654badfc15a
                                  • Opcode Fuzzy Hash: 5d4cd7e715dc402522cbee30e6ba29d8b5f7bd32abe02bc71de4d58ce3559af5
                                  • Instruction Fuzzy Hash: 61E26E74A01228CFDB25EF34D954BA9B7B2FB49304F1041E9D509AB3A8DB359E85DF80

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 5566 4972a1e-4972ad6 5570 4972adb-4972ae7 5566->5570 5571 4972ad8 5566->5571 5572 4972aec-4972af5 5570->5572 5573 4972ae9 5570->5573 5571->5570 5574 4972af7 5572->5574 5575 4972afa-4972b11 5572->5575 5573->5572 5574->5575 5577 4972b53-4972b58 5575->5577 5578 4972b13-4972b26 RegCreateKeyExW 5575->5578 5577->5578 5579 4972b5a-4972b5f 5578->5579 5580 4972b28-4972b50 5578->5580 5579->5580
                                  APIs
                                  • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 04972B19
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  • Opcode ID: d0d9412205046d27113138a92500e5c58a090302f069645f53d736e23ff6adbe
                                  • Instruction ID: 608eddee9659f608a845805a46a8b7b0845bc4e0c9054af9956b87c33170906d
                                  • Opcode Fuzzy Hash: d0d9412205046d27113138a92500e5c58a090302f069645f53d736e23ff6adbe
                                  • Instruction Fuzzy Hash: 18417F715093846FE7238B218C40FA6BFBCEF17614F0985DAE985CB5A3D264E909CB71

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 5603 497117b-497119b 5604 49711bd-49711ef 5603->5604 5605 497119d-49711bc 5603->5605 5609 49711f2-497124a RegQueryValueExW 5604->5609 5605->5604 5611 4971250-4971266 5609->5611
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 04971242
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: QueryValue
                                  • String ID:
                                  • API String ID: 3660427363-0
                                  • Opcode ID: 484fcf45855faeface6448a459fb8388a7f7ebdd97c96eef73006ea81fa3eb3a
                                  • Instruction ID: ba250000999dd34ce112f6d3004d559b6be985ab375ccff8c07520129fe11d63
                                  • Opcode Fuzzy Hash: 484fcf45855faeface6448a459fb8388a7f7ebdd97c96eef73006ea81fa3eb3a
                                  • Instruction Fuzzy Hash: 7A317C6550E3C06FD3138B258C61A61BFB4EF47614F0E45CBE8C48F6A3D229A919D7B2

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 5628 4971ca0-4971d35 5633 4971d37-4971d3f GetProcessTimes 5628->5633 5634 4971d82-4971d87 5628->5634 5635 4971d45-4971d57 5633->5635 5634->5633 5637 4971d89-4971d8e 5635->5637 5638 4971d59-4971d7f 5635->5638 5637->5638
                                  APIs
                                  • GetProcessTimes.KERNELBASE(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04971D3D
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ProcessTimes
                                  • String ID:
                                  • API String ID: 1995159646-0
                                  APIs
                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 0497172B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: DescriptorSecurity$ConvertString
                                  • String ID:
                                  • API String ID: 3907675253-0
                                  APIs
                                  • RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 04972B19
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: Create
                                  • String ID:
                                  • API String ID: 2289755597-0
                                  APIs
                                  • GetExitCodeProcess.KERNELBASE(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04970AF8
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: CodeExitProcess
                                  • String ID:
                                  • API String ID: 3861947596-0
                                  APIs
                                  • GetProcessWorkingSetSize.KERNEL32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04972E57
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ProcessSizeWorking
                                  • String ID:
                                  • API String ID: 3584180929-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: select
                                  • String ID:
                                  • API String ID: 1274211008-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: FileView
                                  • String ID:
                                  • API String ID: 3314676101-0
                                  APIs
                                  • WSASocketW.WS2_32(?,?,?,?,?), ref: 049712FA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: Socket
                                  • String ID:
                                  • API String ID: 38366605-0
                                  APIs
                                  • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 0497172B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: DescriptorSecurity$ConvertString
                                  • String ID:
                                  • API String ID: 3907675253-0
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04971640
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: QueryValue
                                  • String ID:
                                  • API String ID: 3660427363-0
                                  APIs
                                  • SetProcessWorkingSetSize.KERNEL32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04972F3B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ProcessSizeWorking
                                  • String ID:
                                  • API String ID: 3584180929-0
                                  APIs
                                  • shutdown.WS2_32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04971B64
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: shutdown
                                  • String ID:
                                  • API String ID: 2510479042-0
                                  APIs
                                  • ioctlsocket.WS2_32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04972CA7
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ioctlsocket
                                  • String ID:
                                  • API String ID: 3577187118-0
                                  APIs
                                  • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04971EFA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: Connect
                                  • String ID:
                                  • API String ID: 3144859779-0
                                  APIs
                                  • WSASocketW.WS2_32(?,?,?,?,?), ref: 049712FA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: Socket
                                  • String ID:
                                  • API String ID: 38366605-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: FileView
                                  • String ID:
                                  • API String ID: 3314676101-0
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,00000E24), ref: 049721C3
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04971640
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: QueryValue
                                  • String ID:
                                  • API String ID: 3660427363-0
                                  APIs
                                  • GetProcessTimes.KERNELBASE(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04971D3D
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ProcessTimes
                                  • String ID:
                                  • API String ID: 1995159646-0
                                  APIs
                                  • GetProcessWorkingSetSize.KERNEL32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04972E57
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ProcessSizeWorking
                                  • String ID:
                                  • API String ID: 3584180929-0
                                  APIs
                                  • SetProcessWorkingSetSize.KERNEL32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04972F3B
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ProcessSizeWorking
                                  • String ID:
                                  • API String ID: 3584180929-0
                                  APIs
                                  • GetExitCodeProcess.KERNELBASE(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04970AF8
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: CodeExitProcess
                                  • String ID:
                                  • API String ID: 3861947596-0
                                  APIs
                                  • ioctlsocket.WS2_32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04972CA7
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: ioctlsocket
                                  • String ID:
                                  • API String ID: 3577187118-0
                                  APIs
                                  • shutdown.WS2_32(?,00000E24,70451A63,00000000,00000000,00000000,00000000), ref: 04971B64
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: shutdown
                                  • String ID:
                                  • API String ID: 2510479042-0
                                  APIs
                                  • LoadLibraryA.KERNELBASE(?,00000E24), ref: 049721C3
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: LibraryLoad
                                  • String ID:
                                  • API String ID: 1029625771-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: select
                                  • String ID:
                                  • API String ID: 1274211008-0
                                  APIs
                                  • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 04971EFA
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: Connect
                                  • String ID:
                                  • API String ID: 3144859779-0
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 04971242
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539445780.0000000004970000.00000040.00000800.00020000.00000000.sdmp, Offset: 04970000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4970000_server.jbxd
                                  Similarity
                                  • API ID: QueryValue
                                  • String ID:
                                  • API String ID: 3660427363-0
                                  • Opcode ID: 0ce08f2953d85334865954b3a88939900fafdfd8441f71560eda9227021e8efc
                                  • Instruction ID: 27888aaa3dd21082b314717d9463097be618db491402b4ef2a1f4ceab0930258
                                  • Opcode Fuzzy Hash: 0ce08f2953d85334865954b3a88939900fafdfd8441f71560eda9227021e8efc
                                  • Instruction Fuzzy Hash: 5701A271A00200ABD310DF16CC86B66FBE8FB88A20F14811AEC489BB41D771F956CBE5
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1872c5d44370d5ae68a08bca20a6f7d70e94eae03128189f1e624e90341e4384
                                  • Instruction ID: 99fac322b97a19abd04044b22a2a635cabaec9de879e7c2e2be4ab771ff60230
                                  • Opcode Fuzzy Hash: 1872c5d44370d5ae68a08bca20a6f7d70e94eae03128189f1e624e90341e4384
                                  • Instruction Fuzzy Hash: 9A31B3B0B102059FDB14DB39C854BAEBAF6AF88304F14457DD405EB7A1DBB4E804CB90
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e6fc42b812f60922248f18191cff43cf05630df2bab25e9747c1f5fa822c649d
                                  • Instruction ID: 6e71fb0de654b1079de552d0180c1bbac1b4440eb9e73921aa321a7947e74fae
                                  • Opcode Fuzzy Hash: e6fc42b812f60922248f18191cff43cf05630df2bab25e9747c1f5fa822c649d
                                  • Instruction Fuzzy Hash: BF31E3326043449FC725AB789821BAE3BA7ABC2348B0485BDD105CF2E6CF795C09C791
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35693c58e9a9beb59f907cdca3f47e5943458c7b82de0eb1e10f1ebdd5c1cb5c
                                  • Instruction ID: c352cd1af377d12372834a344e089c6e558922d9ecb5a68dbd96a4d58fc7499d
                                  • Opcode Fuzzy Hash: 35693c58e9a9beb59f907cdca3f47e5943458c7b82de0eb1e10f1ebdd5c1cb5c
                                  • Instruction Fuzzy Hash: 112126756083458FC7216B78A8144AD7BF1EF832067454AFED481CF396EB38580A8B92
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539219155.0000000004740000.00000040.00000800.00020000.00000000.sdmp, Offset: 04740000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4740000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8d50150d21a8c2cde0a8d2607ca23a794635d5b386597ad47a337429be870c9d
                                  • Instruction ID: 44880fdf31d6a8d29e1ce544e292877da28347d9b63054bef2f22994dee29df5
                                  • Opcode Fuzzy Hash: 8d50150d21a8c2cde0a8d2607ca23a794635d5b386597ad47a337429be870c9d
                                  • Instruction Fuzzy Hash: 4A11BDB5908341AFD350CF19D841A5BFBE4FB88664F04896EF998D7311D235E9048FA2
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 966f1c66c6d8f44fb3a68d2c4cc91e1b4677d44c552149310222a9cb04ed350f
                                  • Instruction ID: 338bd4f96057c6e052a3e343716a6fc1a9607a90adc4808c4cfec74033bade5b
                                  • Opcode Fuzzy Hash: 966f1c66c6d8f44fb3a68d2c4cc91e1b4677d44c552149310222a9cb04ed350f
                                  • Instruction Fuzzy Hash: E311C271E002098FCB18EF78D8015AEB7FAEF9A254B21017DC405EB744EB349E45CB90
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 42f187ec99ace962227fbcef1a9e9f2ad4e1fd0783dba023560aafa4ea8d5cd3
                                  • Instruction ID: 704f07c9dfeae5140cb75a88c889e0f932b919cb08b827f22beef0dccd37d57e
                                  • Opcode Fuzzy Hash: 42f187ec99ace962227fbcef1a9e9f2ad4e1fd0783dba023560aafa4ea8d5cd3
                                  • Instruction Fuzzy Hash: 371170326142448FC325BB7C9421A6E3BD7ABC634834594BDD0058F3BACF794C09D792
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4533951594.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_90a000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5fde0539cacab40fdec4ae1fb01001c1a0043f16662d7196964ff69619b9e712
                                  • Instruction ID: df745273052a717f94dd305afd68867793d24f11b865ffc81735d428dadf3929
                                  • Opcode Fuzzy Hash: 5fde0539cacab40fdec4ae1fb01001c1a0043f16662d7196964ff69619b9e712
                                  • Instruction Fuzzy Hash: EA11BEB5908301AFD350CF09DC41E5BFBE8EB88660F04892EF95997311D275E908CFA2
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 12a9f6c6043a0f84def8076ded4643f271baf3c9e20f60d6380bcf77ec5572ab
                                  • Instruction ID: c5c3bc12a6ecb1f38c8316e3e8dfc399f45f5b46a77f92763eb017091f937dc7
                                  • Opcode Fuzzy Hash: 12a9f6c6043a0f84def8076ded4643f271baf3c9e20f60d6380bcf77ec5572ab
                                  • Instruction Fuzzy Hash: 21119D6245E3C19FC3135734A8296917FB46E43219B0E89DBD080CF2A7D26C4A0AD7A2
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a98157f2a25fb4350178a0db5ac2606da5f828d95613b74efbbdc2c178df6fd0
                                  • Instruction ID: ac508294d984421342902214d94f9be68d8be88f39dcea252022ed7541bb096e
                                  • Opcode Fuzzy Hash: a98157f2a25fb4350178a0db5ac2606da5f828d95613b74efbbdc2c178df6fd0
                                  • Instruction Fuzzy Hash: F801807110A242DFCB10EB3CD55985D7BE1EFC5309B14882CE646CB359DB359848EF42
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 632aef7fc50e7e86b2dc7605a5ecf33107f45f36d49b383aad291244c96cce9c
                                  • Instruction ID: 6c1ec23fed20f9002855d180fc5fe7a468e40561efc35f60b953590a9f791760
                                  • Opcode Fuzzy Hash: 632aef7fc50e7e86b2dc7605a5ecf33107f45f36d49b383aad291244c96cce9c
                                  • Instruction Fuzzy Hash: A4F06272A05304AFEB14EF708812BAE7BB3EF81714F1486BEA141DB1D1DA355941C780
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539219155.0000000004740000.00000040.00000800.00020000.00000000.sdmp, Offset: 04740000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4740000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 46c89509297a1775f7d6f0f2114a34879a96fa520ef57260750c3cca6cd21ece
                                  • Instruction ID: f8106cebbbc2b8c9b1306485e87b69b78a2c28d2c3849b3d97079587781107e5
                                  • Opcode Fuzzy Hash: 46c89509297a1775f7d6f0f2114a34879a96fa520ef57260750c3cca6cd21ece
                                  • Instruction Fuzzy Hash: 1BE0D8B294120067D2108F0AAC46F52FB9CDB44931F04C567ED091B741D175B5188AE1
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539219155.0000000004740000.00000040.00000800.00020000.00000000.sdmp, Offset: 04740000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_4740000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 15480f3a9fa9f05daaea25165c90922eaa9f8cd8c8e19b346238f58a554a9780
                                  • Instruction ID: 9baf1c124db38ead87474ecc7090fe42e2909522149aca494fd1997970784ce7
                                  • Opcode Fuzzy Hash: 15480f3a9fa9f05daaea25165c90922eaa9f8cd8c8e19b346238f58a554a9780
                                  • Instruction Fuzzy Hash: 9AE0D8B290020067D210DF0AAC45F53FB9CDB40930F04C567ED091B701D176B614CAE1
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4533951594.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_90a000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c280d9fde823f8dfe3acbbf2ea29458635a69cdbe4031b4ce5ea79d72c27f3a0
                                  • Instruction ID: 17478be4320ede5a9e303bc2866a8d90c1a727670617cfc49a4ecc26fe1e46ad
                                  • Opcode Fuzzy Hash: c280d9fde823f8dfe3acbbf2ea29458635a69cdbe4031b4ce5ea79d72c27f3a0
                                  • Instruction Fuzzy Hash: 41E0D8B294020467D2108F0AAC45F52F79CDB40931F04C56BED0D5B711D175B504CEF1
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a7fd43f0756304ae406e1a8a36150298e11dc2c8e35b866f0cee57d50830fc40
                                  • Instruction ID: 06ce0bc063869f4e6fda2eea1de08f877e4cbb2eb4cd0dc2ddb4083c73c51d18
                                  • Opcode Fuzzy Hash: a7fd43f0756304ae406e1a8a36150298e11dc2c8e35b866f0cee57d50830fc40
                                  • Instruction Fuzzy Hash: DDE0867094E2889FCB01CF7498514DC7FF1EB0620172141FED849C7662DA750D05DB02
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b3ffde114797301f49dc35d2cae61f5f0bb340923ebea4ad8552ce4a19ccab01
                                  • Instruction ID: b2165cc41a73177afe9751a2341a4977948a0c4c1b0795d699cde1e8a443c823
                                  • Opcode Fuzzy Hash: b3ffde114797301f49dc35d2cae61f5f0bb340923ebea4ad8552ce4a19ccab01
                                  • Instruction Fuzzy Hash: 05E012B1549244DFCB15DBB4A9154FC7BB0DA5620171141EEC846D7262EE75094ACB41
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 18585a702a91d0566da84d212c4d4dcde96863272cc93734723ddab9b4476586
                                  • Instruction ID: 142612419e487ea11c5e788cb74e7e2e12ba288b17198450d87364fc576a14af
                                  • Opcode Fuzzy Hash: 18585a702a91d0566da84d212c4d4dcde96863272cc93734723ddab9b4476586
                                  • Instruction Fuzzy Hash: 02E0C23014B340CFC71A2B70A42581C3FB1AF4720535408FEC1068B366DB7A8886CF10
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4533846098.00000000008F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F2000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_8f2000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9e723b9032fff584232f912b8ca0fbe251079569d8dfcbb8deedd927db0f6dbc
                                  • Instruction ID: 04126cf8b8e857d5cc0269baa1636c7ef866ad1fb11cdcf9f4a679a2c8643cf0
                                  • Opcode Fuzzy Hash: 9e723b9032fff584232f912b8ca0fbe251079569d8dfcbb8deedd927db0f6dbc
                                  • Instruction Fuzzy Hash: 34D05E792056D54FD327DB2CC6A4BA537D4FB61714F4A44FAA800CB763C7A8D981D610
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4533846098.00000000008F2000.00000040.00000800.00020000.00000000.sdmp, Offset: 008F2000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_8f2000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ccb9904ff338044e5e5c1ada810abb91bcb40ba1d4965cadb99270b3ccab29bf
                                  • Instruction ID: 423112e7ef169523e7aea76ccd8279a02cc8424a5b196393fb739784ef1b3575
                                  • Opcode Fuzzy Hash: ccb9904ff338044e5e5c1ada810abb91bcb40ba1d4965cadb99270b3ccab29bf
                                  • Instruction Fuzzy Hash: CFD05E743006854BC729DB1CC2D4F6937D4BB40714F0645E8AC10CBB72C7A8D8C4DA00
                                  Memory Dump Source
                                  • Source File: 00000002.00000002.4539376509.00000000048C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048C0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_2_2_48c0000_server.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a57438f0d85325c298b05f25d5eca84743f4336872b87db1d53ba748585eec39
                                  • Instruction ID: 85d1b47404ad22d1529adf0f2ecbdaf3b98b7dff3ab34edafd5fe6e1249a7956
                                  • Opcode Fuzzy Hash: a57438f0d85325c298b05f25d5eca84743f4336872b87db1d53ba748585eec39
                                  • Instruction Fuzzy Hash: AAD0C971A15208EF8B44EFA8DD0189DB7F9EB46215B1041AAA80DD3750EE325E04EB81