Edit tour

Windows Analysis Report
xkzdRi6nGpg3.exe

Overview

General Information

Sample name:	xkzdRi6nGpg3.exe
Analysis ID:	1431189
MD5:	12d3e11ae0227e8182db020a1f875b67
SHA1:	ec4525cf7bd7b85e9fbd3101faf7dafaeb83424e
SHA256:	ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e
Tags:	exenjRat
Infos:

Detection

Njrat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Snort IDS alert for network traffic

Yara detected Njrat

.NET source code contains potential unpacker

.NET source code references suspicious native API functions

C2 URLs / IPs found in malware configuration

Contains functionality to log keystrokes (.Net Source)

Machine Learning detection for sample

Self deletion via cmd or bat file

Uses dynamic DNS services

Allocates memory with a write watch (potentially for evading sandboxes)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Process Tree

System is w10x64

xkzdRi6nGpg3.exe (PID: 5980 cmdline: "C:\Users\user\Desktop\xkzdRi6nGpg3.exe" MD5: 12D3E11AE0227E8182DB020A1F875B67)

cmd.exe (PID: 3248 cmdline: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xkzdRi6nGpg3.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
NjRAT	RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.	AQUATIC PANDA Earth Lusca Operation C-Major The Gorgon Group	http://blog.trendmicro.com/trendlabs-security-intelligence/new-rats-emerge-from-leaked-njw0rm-source-code/ http://blogs.360.cn/post/analysis-of-apt-c-37.html http://threatgeek.typepad.com/files/fta-1009---njrat-uncovered-1.pdf https://about.fb.com/news/2021/04/taking-action-against-hackers-in-palestine/ https://asec.ahnlab.com/1369	https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "rusia.duckdns.org", "Port": "1994", "Campaign ID": "NYAN CAT", "Network Seprator": "@!#&^%$", "Registry": "5e13091123"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
xkzdRi6nGpg3.exe	JoeSecurity_Njrat	Yara detected Njrat	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_Njrat	Yara detected Njrat	Joe Security
Process Memory Space: xkzdRi6nGpg3.exe PID: 5980	JoeSecurity_Njrat	Yara detected Njrat	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
1.0.xkzdRi6nGpg3.exe.ca0000.0.unpack	JoeSecurity_Njrat	Yara detected Njrat	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) - Source IP: 192.168.2.9 - Destination IP: 46.246.84.12

Timestamp:	04/24/24-17:06:01.844441
SID:	2825563
Source Port:	49706
Destination Port:	1994
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) - Source IP: 192.168.2.9 - Destination IP: 46.246.84.12

Timestamp:	04/24/24-17:08:27.238731
SID:	2825564
Source Port:	49706
Destination Port:	1994
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) - Source IP: 192.168.2.9 - Destination IP: 46.246.84.12

Timestamp:	04/24/24-17:06:01.270296
SID:	2033132
Source Port:	49706
Destination Port:	1994
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: xkzdRi6nGpg3.exe

Avira: detected

Antivirus detection for URL or domain

Source: rusia.duckdns.org

Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp

Malware Configuration Extractor: Njrat {"Host": "rusia.duckdns.org", "Port": "1994", "Campaign ID": "NYAN CAT", "Network Seprator": "@!#&^%$", "Registry": "5e13091123"}

Yara detected Njrat

Source: Yara match	File source: xkzdRi6nGpg3.exe, type: SAMPLE
Source: Yara match	File source: 1.0.xkzdRi6nGpg3.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xkzdRi6nGpg3.exe PID: 5980, type: MEMORYSTR

Machine Learning detection for sample

Source: xkzdRi6nGpg3.exe

Joe Sandbox ML: detected

Source: xkzdRi6nGpg3.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: xkzdRi6nGpg3.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2033132 ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll) 192.168.2.9:49706 -> 46.246.84.12:1994
Source: Traffic	Snort IDS: 2825563 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf) 192.168.2.9:49706 -> 46.246.84.12:1994
Source: Traffic	Snort IDS: 2825564 ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act) 192.168.2.9:49706 -> 46.246.84.12:1994

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: rusia.duckdns.org

Uses dynamic DNS services

Source: unknown

DNS query: name: rusia.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.9:49706 -> 46.246.84.12:1994

Source: Joe Sandbox View

IP Address: 46.246.84.12 46.246.84.12

Source: Joe Sandbox View

ASN Name: PORTLANEwwwportlanecomSE PORTLANEwwwportlanecomSE

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Code function: 1_2_0136A186 recv,

1_2_0136A186

Source: global traffic

DNS traffic detected: DNS query: rusia.duckdns.org

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: xkzdRi6nGpg3.exe, Keylogger.cs

.Net Code: VKCodeToUnicode

E-Banking Fraud

Yara detected Njrat

Source: Yara match	File source: xkzdRi6nGpg3.exe, type: SAMPLE
Source: Yara match	File source: 1.0.xkzdRi6nGpg3.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xkzdRi6nGpg3.exe PID: 5980, type: MEMORYSTR

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Code function: 1_2_018619F0

1_2_018619F0

Source: xkzdRi6nGpg3.exe, 00000001.00000000.1272570021.0000000000CA8000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameClient.exe4 vs xkzdRi6nGpg3.exe
Source: xkzdRi6nGpg3.exe	Binary or memory string: OriginalFilenameClient.exe4 vs xkzdRi6nGpg3.exe

Source: xkzdRi6nGpg3.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@4/1@2/1

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Code function: 1_2_055E22AA AdjustTokenPrivileges,		1_2_055E22AA
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Code function: 1_2_055E2273 AdjustTokenPrivileges,		1_2_055E2273

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\xkzdRi6nGpg3.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3476:120:WilError_03
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Mutant created: \Sessions\1\BaseNamedObjects\5e13091123

Source: xkzdRi6nGpg3.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: xkzdRi6nGpg3.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\xkzdRi6nGpg3.exe "C:\Users\user\Desktop\xkzdRi6nGpg3.exe"
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xkzdRi6nGpg3.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xkzdRi6nGpg3.exe"	Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: xkzdRi6nGpg3.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: xkzdRi6nGpg3.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: xkzdRi6nGpg3.exe, Program.cs

.Net Code: Plugin System.Reflection.Assembly.Load(byte[])

Hooking and other Techniques for Hiding and Protection

Self deletion via cmd or bat file

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process created: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xkzdRi6nGpg3.exe"
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process created: cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xkzdRi6nGpg3.exe"			Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Memory allocated: 13F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Memory allocated: 3410000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Memory allocated: 1640000 memory commit \| memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Window / User API: threadDelayed 417	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Window / User API: threadDelayed 3654	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Window / User API: threadDelayed 5455	Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe	Window / User API: foregroundWindowGot 1765	Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe TID: 6696	Thread sleep time: -417000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe TID: 6696	Thread sleep time: -5455000s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: xkzdRi6nGpg3.exe, 00000001.00000002.2851240205.0000000001489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW/>
Source: xkzdRi6nGpg3.exe, 00000001.00000002.2851240205.0000000001489000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

.NET source code references suspicious native API functions

Source: xkzdRi6nGpg3.exe, Program.cs	Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, cbName, ref lpszVer, 100)
Source: xkzdRi6nGpg3.exe, Keylogger.cs	Reference to suspicious API methods: MapVirtualKey(a, 0u)
Source: xkzdRi6nGpg3.exe, Keylogger.cs	Reference to suspicious API methods: GetAsyncKeyState(num2)

Source: xkzdRi6nGpg3.exe, 00000001.00000002.2851642273.00000000034BA000.00000004.00000800.00020000.00000000.sdmp, xkzdRi6nGpg3.exe, 00000001.00000002.2851642273.00000000034CE000.00000004.00000800.00020000.00000000.sdmp, xkzdRi6nGpg3.exe, 00000001.00000002.2851642273.00000000034D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: xkzdRi6nGpg3.exe, 00000001.00000002.2851642273.00000000034BA000.00000004.00000800.00020000.00000000.sdmp, xkzdRi6nGpg3.exe, 00000001.00000002.2851642273.00000000034CE000.00000004.00000800.00020000.00000000.sdmp, xkzdRi6nGpg3.exe, 00000001.00000002.2851642273.00000000034D1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager@9cl

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\xkzdRi6nGpg3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Njrat

Source: Yara match	File source: xkzdRi6nGpg3.exe, type: SAMPLE
Source: Yara match	File source: 1.0.xkzdRi6nGpg3.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xkzdRi6nGpg3.exe PID: 5980, type: MEMORYSTR

Remote Access Functionality

Yara detected Njrat

Source: Yara match	File source: xkzdRi6nGpg3.exe, type: SAMPLE
Source: Yara match	File source: 1.0.xkzdRi6nGpg3.exe.ca0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: xkzdRi6nGpg3.exe PID: 5980, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	1 Masquerading	1 Input Capture	1 Security Software Discovery	Remote Services	1 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	2 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Access Token Manipulation	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	1 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Process Injection	LSA Secrets	12 System Information Discovery	SSH	Keylogging	21 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
xkzdRi6nGpg3.exe	100%	Avira	TR/Dropper.Gen7
xkzdRi6nGpg3.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
rusia.duckdns.org	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
rusia.duckdns.org	46.246.84.12	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
rusia.duckdns.org	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
46.246.84.12	rusia.duckdns.org	Sweden		42708	PORTLANEwwwportlanecomSE	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431189
Start date and time:	2024-04-24 17:05:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	xkzdRi6nGpg3.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@4/1@2/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 92 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: xkzdRi6nGpg3.exe

Simulations

Behavior and APIs

Time	Type	Description
17:06:28	API Interceptor	607483x Sleep call for process: xkzdRi6nGpg3.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
46.246.84.12	1L79IBlk3o.exe	Get hash	malicious	XWorm	Browse
	xueSatPQMUFH.exe	Get hash	malicious	ArrowRAT	Browse
	x2xFapxhdTcU.exe	Get hash	malicious	ArrowRAT	Browse
	Claro Securty.apk	Get hash	malicious	Unknown	Browse
	Win defender.exe	Get hash	malicious	Njrat	Browse
	cgdifn.msi	Get hash	malicious	Unknown	Browse
	Corona App.apk	Get hash	malicious	Unknown	Browse
	cgdifn.msi	Get hash	malicious	Unknown	Browse
	CGDIFN.exe	Get hash	malicious	LodaRAT	Browse
	Winver.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
rusia.duckdns.org	xjXIE2ZFFSw4.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	46.246.14.10
	xjXIE2ZFFSw4.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	46.246.14.10
	xyyDAUDPeYEH.exe	Get hash	malicious	Njrat	Browse	46.246.6.20
	x7RZVIWaDKb5.exe	Get hash	malicious	Njrat	Browse	46.246.14.17
	x7RZVIWaDKb5.exe	Get hash	malicious	Njrat	Browse	46.246.14.17
	bUBL.exe	Get hash	malicious	Njrat	Browse	46.246.14.17
	x6Xw7vcuD9zM.exe	Get hash	malicious	Njrat	Browse	46.246.14.23
	bTAB.exe	Get hash	malicious	Njrat	Browse	46.246.80.3
	xbd0vU3xnyOS.exe	Get hash	malicious	Njrat	Browse	46.246.6.7
	x38kbgLd6bPu.exe	Get hash	malicious	Njrat	Browse	46.246.12.24

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PORTLANEwwwportlanecomSE	Price request N#U00b0DEM23000199.js	Get hash	malicious	AsyncRAT, PureLog Stealer, RedLine	Browse	178.73.192.3
	xjXIE2ZFFSw4.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	46.246.14.10
	xjXIE2ZFFSw4.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	46.246.14.10
	BitTorrent-7.6.exe	Get hash	malicious	Unknown	Browse	188.126.94.80
	xVcsGL5R1Nbh.exe	Get hash	malicious	Njrat	Browse	46.246.6.20
	xyyDAUDPeYEH.exe	Get hash	malicious	Njrat	Browse	46.246.6.20
	xzcQo6GenFVf.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	46.246.14.5
	tajma.x86-20240422-0535.elf	Get hash	malicious	Mirai, Okiru	Browse	188.126.69.245
	x7RZVIWaDKb5.exe	Get hash	malicious	Njrat	Browse	46.246.14.17
	x7RZVIWaDKb5.exe	Get hash	malicious	Njrat	Browse	46.246.14.17

Process:	C:\Users\user\Desktop\xkzdRi6nGpg3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	907
Entropy (8bit):	5.243019596074263
Encrypted:	false
SSDEEP:	24:MLF2CpI329Iz52VMzffup26KTnKoO2+b2hHAa/:MwQd9IzoaXuY6Ux+SF/
MD5:	48A0572426885EBDE53CA62C7F2E194E
SHA1:	035628CDF6276367F6C83E9F4AA2172933850AA8
SHA-256:	4C68E10691304CAC8DA65A05CF2580728EC0E294104F267840712AF1C46A6538
SHA-512:	DEFE728C2312918D94BD43C98908C08CCCA5EBFB77F873779DCA784F14C607B33A4E29AC5ECB798F2F741668B7692F72BCB60DEFD536EA86B296B64FA359C42D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\53992d421e2c7ecf6609c62b3510a6f0\System.Configuration.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74774597e319a738b792e6a6c06d3559\System.Xml.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1bd56c432cb9ff27e335d97f404caf8f\System.Management.ni.dll",0..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	3.799206784996852
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.79% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01%
File name:	xkzdRi6nGpg3.exe
File size:	32'768 bytes
MD5:	12d3e11ae0227e8182db020a1f875b67
SHA1:	ec4525cf7bd7b85e9fbd3101faf7dafaeb83424e
SHA256:	ba1c1884ec9bc5326e183aa6a6f31a7f0f3a78f0ae04a5d13aba1eba1ac3448e
SHA512:	6b4b5d773e43e0dc6668d361b16c2f414649320ee96e5ea22de132f17870fe002212f7a7324bd7ad8347917392319d934b164cae01941234818c90ef2399e379
SSDEEP:	384:70bUe5XB4e0XLO3fw0Q0mS03AWTxtTUFQqzFbObbJ:4T9Buyo55d5bJ
TLSH:	9CE218067BE94215C6BC5AFC8CB313214772E3838532EB6F5CDC88CA4B676D04655EE9
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'f.................P... ......^g... ........@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x40675e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6627EC9B [Tue Apr 23 17:15:07 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6710	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x8000	0x2a0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x4764	0x5000	c2ffa275f338b879319868cae547162f	False	0.474853515625	data	5.289358800701343	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x8000	0x2a0	0x1000	72e29550a9764ae2ca0bc9263e829114	False	0.07666015625	data	0.6655850551657312	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa000	0xc	0x1000	e8ad62578d6ea2b62af23f514f67d89b	False	0.008544921875	data	0.012638662471219527	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x8058	0x244	data			0.46379310344827585

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/24/24-17:06:01.844441	TCP	2825563	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (inf)	49706	1994	192.168.2.9	46.246.84.12
04/24/24-17:08:27.238731	TCP	2825564	ETPRO TROJAN Generic njRAT/Bladabindi CnC Activity (act)	49706	1994	192.168.2.9	46.246.84.12
04/24/24-17:06:01.270296	TCP	2033132	ET TROJAN Generic njRAT/Bladabindi CnC Activity (ll)	49706	1994	192.168.2.9	46.246.84.12

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 17:06:00.746093035 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:01.182585001 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:01.182677031 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:01.270296097 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:01.844364882 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:01.844440937 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:02.427820921 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:05.138428926 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:05.744266033 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:07.819595098 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:07.872313976 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:08.085750103 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:08.629610062 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:26.340260983 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:26.340668917 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:26.839423895 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:44.952464104 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:44.953372955 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:45.538222075 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:51.747775078 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:52.264784098 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:53.591557026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:54.139394045 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:58.904611111 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:06:59.536788940 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:06:59.536957026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:00.127911091 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:00.326009989 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:00.444757938 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:00.497189999 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:00.837302923 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:00.837497950 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:01.205102921 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:01.441679955 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:01.441819906 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:01.601663113 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:01.601861000 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:01.839376926 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:01.993784904 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:01.993969917 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.183692932 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.237637997 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:02.237867117 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.441766977 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.587404013 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:02.587816954 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.638187885 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:02.638397932 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.838143110 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:02.838265896 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:02.857207060 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:02.857403040 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:03.042215109 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:03.042336941 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:03.241549969 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:03.250114918 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:03.470350981 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:03.639056921 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:03.639183044 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:03.658076048 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:03.658216953 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:03.881113052 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:03.881423950 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:04.084922075 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:04.085113049 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:04.292733908 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:04.335120916 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:04.335311890 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:04.539048910 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:04.539227009 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:04.749056101 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:04.749218941 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:04.931279898 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:04.931447029 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:05.183856010 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:05.327444077 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:05.327629089 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:05.593053102 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:05.593262911 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:05.851212978 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:05.942291021 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:05.942374945 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:06.129530907 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:06.129960060 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:06.287316084 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:06.287570000 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:06.521930933 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:06.525398970 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:06.721234083 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:06.839282990 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:06.839505911 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:06.919415951 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:06.919586897 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:07.140302896 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:07.140398026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:07.325186968 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:07.325377941 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:07.542752981 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:07.641318083 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:07.641473055 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:07.842371941 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:07.842480898 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:07.943387985 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:07.943635941 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.179194927 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.242280006 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:08.242413044 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.375493050 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:08.375648022 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.588282108 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.592431068 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:08.592765093 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.767760038 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:08.767963886 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:08.998471975 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:08.998651981 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:09.176254988 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:09.176747084 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:09.414163113 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:09.582703114 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:09.582839966 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:09.812788010 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:09.816631079 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:09.817158937 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.023793936 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.130654097 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:10.130938053 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.234781981 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:10.234963894 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.425533056 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:10.425668955 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.564682961 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:10.564820051 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.779958963 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:10.828917980 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:10.829153061 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.040254116 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.142653942 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:11.142752886 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.191680908 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:11.191971064 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.339535952 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:11.339848042 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.479655027 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:11.480370998 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.613830090 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:11.613951921 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.840074062 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:11.916270971 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:11.916580915 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:12.145844936 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:12.145968914 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:12.255877018 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:12.256064892 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:12.438927889 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:12.439030886 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:12.635081053 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:12.640161037 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:12.642086983 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:12.842111111 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:12.842220068 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.040365934 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.040471077 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.054188013 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.054477930 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.138067961 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.142059088 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.342124939 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.346101046 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.451307058 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.452347994 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.743263960 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.743355989 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:13.942044973 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:13.942209959 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:14.346406937 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:14.568257093 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:14.743594885 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.087789059 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.243475914 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:15.243654966 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.455166101 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.496359110 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:15.496455908 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.701056957 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.737256050 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:15.737363100 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.879281044 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:15.879831076 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:15.941335917 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:15.941473007 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:16.098452091 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:16.098566055 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:16.275439978 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:16.275590897 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:16.438575983 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:16.438672066 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:16.640388966 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:16.640697002 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:16.840425968 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:16.840509892 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.030674934 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.041253090 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:17.041416883 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.233419895 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:17.233805895 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.425342083 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:17.425565958 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.542694092 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:17.542875051 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.744803905 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:17.744872093 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:17.933660984 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:17.933917999 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.156230927 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.240736961 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:18.240950108 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.442773104 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:18.443084955 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.575834036 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:18.576011896 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.778820992 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.829746008 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:18.829833031 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:18.939698935 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:18.939789057 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.145627022 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.145744085 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.179665089 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.179929018 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.332087994 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.332279921 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.400402069 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.400537968 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.588691950 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.588871956 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.612199068 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.612329006 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:19.810695887 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:19.811012030 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.030577898 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:20.030777931 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.240268946 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.337646008 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:20.337769985 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.552264929 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.634325027 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:20.634460926 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.663830042 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:20.663923979 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.869283915 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.942919016 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:20.943051100 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:20.948872089 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:20.948965073 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.097162008 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:21.097373962 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.269263029 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:21.272089005 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.354990005 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:21.355190992 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.597445011 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.665002108 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:21.665169001 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.860297918 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:21.944972992 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:21.945097923 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.001863956 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:22.001977921 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.164092064 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:22.164206982 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.292905092 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:22.292964935 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.413499117 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:22.413614035 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.592699051 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.710305929 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:22.710418940 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.889703989 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:22.929153919 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:22.929259062 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.019646883 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.019757032 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.189121008 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.297674894 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.297909021 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.358414888 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.358546972 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.540932894 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.540994883 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.591074944 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.591356993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.776160955 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.776401043 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:23.982369900 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:23.982485056 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.165519953 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:24.165652037 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.330501080 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:24.330594063 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.494266033 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.607580900 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:24.607745886 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.789463043 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.846411943 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:24.846611977 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:24.889482975 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:24.889662027 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.122853041 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.139425039 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.139529943 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.186408043 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.186600924 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.282321930 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.282454967 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.522960901 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.526601076 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.591372967 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.591497898 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.758337021 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.758449078 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.929317951 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.929496050 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:25.932334900 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:25.932423115 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:26.152756929 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:26.178505898 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:26.178728104 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:26.351613045 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:26.351742983 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:26.549407005 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:26.549581051 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:26.642426968 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:26.642549038 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:26.829363108 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:26.829600096 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:27.051706076 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:27.051903009 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:27.310062885 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:27.337528944 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:27.337660074 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:27.542834997 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:27.543023109 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:27.708947897 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:27.709137917 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:27.943891048 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:27.944128036 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.108542919 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:28.108638048 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.391408920 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.436666965 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:28.436763048 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.680108070 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.746710062 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:28.746834993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.809706926 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:28.809807062 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.812577963 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:28.812757015 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:28.941623926 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:28.941836119 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:29.075675011 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:29.075695992 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:29.075822115 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:29.204679012 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:29.204830885 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:29.477749109 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:29.477953911 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:29.740691900 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:29.740820885 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:29.941617012 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:29.941764116 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.147000074 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.236999989 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:30.237143993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.476972103 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.532140970 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:30.532361031 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.566898108 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:30.567028999 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.839819908 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:30.840217113 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.900167942 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:30.900435925 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:30.962984085 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:30.963073015 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:31.235234022 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:31.303770065 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:31.304001093 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:31.430797100 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:31.431088924 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:31.663938046 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:31.664119005 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:31.831950903 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:31.832118988 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:31.884260893 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:31.884459972 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:32.056018114 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:32.056221962 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:32.221987009 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:32.222225904 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:32.436317921 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:32.441973925 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:32.646178007 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:32.646387100 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:32.849145889 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:32.849276066 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:33.100805044 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:33.143477917 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:33.143706083 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:33.343365908 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:33.343486071 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:33.510370970 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:33.510653973 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:33.742459059 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:33.742618084 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:33.921504021 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:33.921701908 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:34.283464909 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:34.321250916 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:34.321540117 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:34.619374990 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:34.706440926 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:34.706661940 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:34.931579113 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:34.943242073 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:34.943420887 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.044341087 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:35.044434071 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.108321905 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:35.108587980 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.329456091 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.336452007 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:35.336498976 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:35.510410070 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:35.510612011 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.723524094 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.744505882 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:35.744659901 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:35.909832001 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.092704058 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.114347935 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:36.114473104 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.141609907 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:36.141685009 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.338548899 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:36.338773966 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.506004095 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:36.506320000 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.582602024 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:36.582750082 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.840544939 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:36.912589073 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:36.912882090 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:37.142627001 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:37.142751932 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:37.236557007 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:37.236646891 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:37.444864035 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:37.445208073 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:37.666687965 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:37.667062044 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:37.841723919 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:37.841901064 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.030811071 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.031023026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.133651018 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.133922100 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.245687962 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.245933056 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.457989931 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.536650896 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.536911011 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.643667936 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.643974066 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.829778910 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.830195904 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:38.890809059 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:38.891035080 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.045999050 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:39.046211958 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.280467987 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.305962086 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:39.306479931 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.538209915 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:39.538316965 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.670845985 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:39.671134949 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.867942095 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:39.931502104 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:39.931713104 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.042238951 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:40.042479992 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.241972923 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:40.242259979 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.330761909 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:40.331015110 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.438973904 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:40.439253092 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.640744925 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:40.640863895 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.734925032 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:40.735184908 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:40.987828970 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.042968988 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.043171883 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.141026020 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.141283989 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.387259960 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.392198086 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.392781019 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.392900944 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.547890902 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.548038006 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.725620031 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:41.809829950 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.809922934 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:41.810209990 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.021336079 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.037940025 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.038141966 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.147643089 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.147890091 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.378963947 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.431039095 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.431360960 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.465462923 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.465728045 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.731358051 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.731570005 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.801282883 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.801491022 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:42.866976023 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:42.867086887 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:43.124082088 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:43.191539049 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:43.192679882 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:43.344068050 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:43.344320059 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:43.545258999 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:43.545363903 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:43.746654034 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:43.746750116 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:43.986892939 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.041373968 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:44.041558027 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.245349884 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:44.245512009 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.399410009 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:44.399533033 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.631432056 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:44.631516933 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.636413097 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:44.684542894 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.836716890 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:44.936322927 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:44.936551094 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:45.022314072 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:45.022393942 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:45.259227037 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:45.259730101 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:45.426604033 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:45.427077055 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:45.736738920 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:45.737957954 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:46.033512115 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:46.033982992 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:46.328841925 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:46.330020905 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:46.640600920 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:46.640718937 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:46.841784954 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:46.841934919 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:47.263516903 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:47.263643026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:47.638874054 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:47.639017105 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:47.742643118 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:47.742974043 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:47.950339079 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:48.129754066 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:48.129888058 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:48.236656904 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:48.236731052 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:48.404856920 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:48.404990911 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:48.639887094 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:48.640270948 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:48.945193052 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:48.945408106 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:49.129978895 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:49.130060911 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:49.380732059 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:49.442821980 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:49.442996025 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:49.643526077 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:49.646085978 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:49.783006907 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:49.784085035 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:49.996947050 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.041054010 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.046070099 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.193974972 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.196017027 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.390197039 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.412811041 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.413036108 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.591905117 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.592047930 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.725925922 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.726047993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.788702011 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.788724899 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.788965940 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:50.939856052 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:50.939922094 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:51.126943111 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:51.127024889 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:51.329910040 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:51.330058098 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:51.511128902 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:51.641391039 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:51.641608000 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:51.845679045 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:51.845966101 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:51.937211990 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:51.937526941 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.133071899 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.140338898 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.140492916 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.342133045 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.342231035 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.530219078 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.530308962 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.555252075 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.555325985 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.638830900 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.638897896 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.842571020 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.842659950 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:52.950423956 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:52.950522900 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:53.136353016 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:53.140254021 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:53.336473942 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:53.336668015 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:53.444411039 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:53.444519043 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:53.630382061 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:53.633997917 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:53.779433966 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:53.782016993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:53.848332882 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:53.849992990 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:54.065974951 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:54.141293049 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:54.142043114 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:54.285278082 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:54.285372019 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:54.457297087 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:54.460448980 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:54.639389992 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:54.639467955 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:54.842031002 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:54.842242956 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:55.040467978 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:55.040673018 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:55.242615938 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:55.242693901 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:55.444091082 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:55.444363117 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:55.630546093 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:55.634062052 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:55.738643885 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:55.738719940 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:55.936422110 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:55.937980890 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:56.130683899 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:56.136018038 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:56.336823940 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:56.539657116 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:56.542000055 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:56.735387087 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:56.735471010 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:56.863493919 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:56.863688946 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.082771063 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.132575035 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:57.132828951 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.345047951 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:57.345282078 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.488487959 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:57.488620996 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.730715036 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.746854067 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:57.748357058 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:57.884850979 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:57.886117935 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.143033028 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:58.145951986 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.238893986 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:58.242175102 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.344945908 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:58.346163988 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.611629009 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.637834072 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:58.637923002 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.739658117 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:58.739778042 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:58.988003016 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.015814066 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:59.015949965 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.133255005 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:59.133466005 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.343707085 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.388010025 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:59.388202906 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.534915924 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:59.535079002 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.741588116 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.762959957 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:59.763721943 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:07:59.892203093 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:07:59.892607927 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.036849976 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.037359953 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.140706062 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.140723944 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.140930891 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.238799095 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.239109993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.437714100 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.437892914 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.540829897 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.541013002 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.766916990 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.840156078 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.840387106 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:00.937009096 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:00.937109947 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:01.149642944 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:01.204180002 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:01.204750061 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:01.346854925 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:01.347064972 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:01.547107935 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:01.547311068 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:01.662902117 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:01.663366079 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:01.841089010 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:01.841267109 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.042896032 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:02.043683052 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.239986897 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:02.240176916 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.439198017 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.630228996 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:02.630300999 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.767713070 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:02.767862082 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.831232071 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:02.831490040 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:02.998507023 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:02.998591900 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.144408941 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:03.144593954 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.265290022 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:03.265435934 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.432310104 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:03.432404041 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.688060999 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.694408894 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:03.694617987 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.902959108 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:03.942331076 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:03.945852995 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.087490082 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:04.088006020 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.145351887 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:04.146819115 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.327678919 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:04.327775002 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.443892956 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:04.444113016 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.577621937 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:04.577712059 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.795428038 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:04.843693018 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:04.844109058 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.065963030 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.139389992 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:05.139617920 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.217586994 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:05.217694044 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.341579914 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:05.341804028 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.489880085 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:05.489994049 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.620487928 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:05.620837927 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.853588104 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:05.886531115 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:05.886674881 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.088006020 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.126651049 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.126782894 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.256762028 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.257042885 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.271750927 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.271873951 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.443006039 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.443073988 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.500921965 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.500945091 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.501044035 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.629769087 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.629870892 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.704456091 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.704633951 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:06.902489901 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:06.902710915 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.131469011 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.141535997 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:07.141606092 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.298588037 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:07.298710108 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.498260975 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.533554077 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:07.533761978 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.639735937 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:07.639961958 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.841460943 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:07.841630936 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:07.916925907 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:07.917067051 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.040731907 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:08.041081905 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.240535975 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:08.240668058 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.308590889 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:08.308671951 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.530371904 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.638856888 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:08.638983011 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.733217001 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:08.733333111 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:08.954703093 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:08.954921007 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:09.139744997 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:09.139885902 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:09.279819012 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:09.279917955 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:09.429750919 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:09.430059910 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:09.570766926 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:09.571091890 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:09.822118998 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:09.828887939 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:09.829005957 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.043134928 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.045933962 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.241890907 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.241982937 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.438761950 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.450814009 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.450928926 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.640250921 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.640387058 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.836952925 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.837168932 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.846178055 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.846295118 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:10.941965103 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:10.942214012 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:11.143779039 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:11.143923998 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:11.242018938 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:11.242351055 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:11.442032099 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:11.543899059 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:11.544023991 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:11.641760111 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:11.642127991 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:11.834114075 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:11.835706949 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:12.050970078 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:12.051208973 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:12.281974077 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:12.282068968 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:12.507093906 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:12.544997931 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:12.545109987 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:12.740135908 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:12.742482901 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:12.912273884 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:12.912431002 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.111833096 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.131392956 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:13.133811951 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.244262934 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:13.244829893 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.435365915 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:13.435539007 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.540764093 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:13.544055939 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.649302959 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:13.650002956 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.907589912 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:13.942269087 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:13.942600965 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:14.067002058 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:14.067157030 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:14.313388109 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:14.313563108 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:14.469239950 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:14.469382048 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:14.694391966 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:14.879519939 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:14.879780054 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.083436966 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.083602905 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.317801952 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.439532995 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.439677954 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.513613939 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.513798952 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.518342972 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.518538952 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.718585968 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.725802898 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.733473063 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.737812996 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:15.955661058 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:15.955950975 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:16.043948889 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:16.044079065 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:16.165664911 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:16.165863037 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:16.404774904 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:16.433826923 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:16.433944941 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:16.643588066 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:16.643739939 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:16.804779053 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:16.804934978 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:17.042954922 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:17.043032885 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:17.214384079 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:17.214534044 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:17.418188095 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:17.546006918 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:17.546108961 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:17.750267982 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:17.750499010 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:17.863810062 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:17.864842892 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:18.141732931 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:18.141952991 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:18.268781900 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:18.268938065 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:18.620908022 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:18.621139050 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:18.744158030 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:18.744308949 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:19.145519018 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:19.145656109 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:19.346050024 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:19.717402935 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:19.730139017 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:19.730237007 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:19.901639938 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.106043100 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.115607023 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:20.115830898 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.269715071 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:20.269927979 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.295725107 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:20.297914028 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.498795033 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:20.498940945 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.630812883 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:20.630896091 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.706777096 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:20.706906080 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:20.888251066 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.019085884 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:21.019401073 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.280910015 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:21.281023026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.343102932 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:21.343271971 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.531069040 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:21.531470060 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.715625048 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.750972986 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:21.753609896 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:21.763000965 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:21.763134956 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.032998085 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.043078899 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.043493986 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.113188982 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.113202095 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.113377094 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.159755945 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.160113096 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.396318913 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.473913908 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.474016905 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.507700920 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.507767916 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.647665024 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.647955894 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.811115980 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.811388016 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:22.918951035 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:22.919032097 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.155666113 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.226808071 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:23.227060080 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.427117109 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.440493107 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:23.440603971 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.563358068 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:23.563492060 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.789136887 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.841783047 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:23.842303991 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.867824078 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:23.868936062 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:23.986927986 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:23.987091064 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.211683989 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.212466955 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.285893917 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.286061049 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.520855904 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.635312080 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.635576963 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.685475111 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.685564041 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.848639011 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.848901987 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.938939095 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.939131021 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:24.953304052 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:24.953478098 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:25.108920097 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:25.109265089 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:25.332613945 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:25.332731962 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:25.527422905 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:25.527735949 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:25.757193089 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:25.928494930 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:25.928714037 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.009572983 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.010018110 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.114696026 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.158993959 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.160924911 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.162303925 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.417442083 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.417538881 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.533337116 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.533457994 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.643392086 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.643528938 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.862508059 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:26.929337025 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:26.929528952 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.219918966 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.238554955 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.238730907 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.282877922 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.282970905 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.501292944 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.530699968 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.530864954 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.620192051 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.624037027 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.693002939 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.694680929 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.837708950 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.838083029 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:27.920588970 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.921478987 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:27.926126957 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.024669886 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.025998116 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.145760059 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.145867109 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.332878113 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.336123943 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.436820984 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.436892033 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.544714928 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.544827938 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.741092920 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.741216898 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:28.944227934 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:28.944508076 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.143075943 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:29.143182993 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.337744951 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:29.337856054 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.443451881 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:29.443784952 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.648789883 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:29.648976088 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.674206018 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.867700100 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:29.867805958 CEST	49706	1994	192.168.2.9	46.246.84.12
Apr 24, 2024 17:08:29.868205070 CEST	1994	49706	46.246.84.12	192.168.2.9
Apr 24, 2024 17:08:29.868294001 CEST	49706	1994	192.168.2.9	46.246.84.12

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 17:05:59.093383074 CEST	54963	53	192.168.2.9	1.1.1.1
Apr 24, 2024 17:06:00.106811047 CEST	54963	53	192.168.2.9	1.1.1.1
Apr 24, 2024 17:06:00.743782043 CEST	53	54963	1.1.1.1	192.168.2.9
Apr 24, 2024 17:06:00.743823051 CEST	53	54963	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 17:05:59.093383074 CEST	192.168.2.9	1.1.1.1	0x3d04	Standard query (0)	rusia.duckdns.org	A (IP address)	IN (0x0001)	false
Apr 24, 2024 17:06:00.106811047 CEST	192.168.2.9	1.1.1.1	0x3d04	Standard query (0)	rusia.duckdns.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 17:06:00.743782043 CEST	1.1.1.1	192.168.2.9	0x3d04	No error (0)	rusia.duckdns.org		46.246.84.12	A (IP address)	IN (0x0001)	false
Apr 24, 2024 17:06:00.743823051 CEST	1.1.1.1	192.168.2.9	0x3d04	No error (0)	rusia.duckdns.org		46.246.84.12	A (IP address)	IN (0x0001)	false

Target ID:	1
Start time:	17:05:50
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\xkzdRi6nGpg3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\xkzdRi6nGpg3.exe"
Imagebase:	0xca0000
File size:	32'768 bytes
MD5 hash:	12D3E11AE0227E8182DB020A1F875B67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000001.00000000.1272554302.0000000000CA2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	17:08:28
Start date:	24/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C Y /N /D Y /T 1 & Del "C:\Users\user\Desktop\xkzdRi6nGpg3.exe"
Imagebase:	0xc50000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	17:08:28
Start date:	24/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	15.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	2.1%
Total number of Nodes:	145
Total number of Limit Nodes:	8

Executed Functions

Function 018619F0 Relevance: 12.6, Strings: 9, Instructions: 1396
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

:@<l, xrefs: 018624B7
:@<l, xrefs: 01862311
, xrefs: 0186269C
:@<l, xrefs: 01862424
:@<l, xrefs: 01862FCB
, xrefs: 018626A6
:@<l, xrefs: 01861F90
:@<l, xrefs: 0186206E
:@<l, xrefs: 01861EEA

Memory Dump Source

Source File: 00000001.00000002.2851570318.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1860000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID: $ $:@<l$:@<l$:@<l$:@<l$:@<l$:@<l$:@<l
API String ID: 0-564494652
Opcode ID: e8a186cb6e8b93d06696836388f6fd1a0f8e326c9a1d9f9b7d2ea886b88e7a57
Instruction ID: e68e73eeb50429005723097380c8990375194dab43deda2d0ab71e945ada89cd
Opcode Fuzzy Hash: e8a186cb6e8b93d06696836388f6fd1a0f8e326c9a1d9f9b7d2ea886b88e7a57
Instruction Fuzzy Hash: 9AC27D34B002148FDB14DB69C954BAEB7A7BF88308F0180A9D50ADB7A1DF759E45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 055E2273 Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 055E22F3

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 58af15e8a535d8694f1cb787e13dda8b12e83b1147f84a03c40ddd91eaf81b33
Instruction ID: 5a90fb70add8951293a5c51459554e535678544341017239e15b27ea76ba5ad7
Opcode Fuzzy Hash: 58af15e8a535d8694f1cb787e13dda8b12e83b1147f84a03c40ddd91eaf81b33
Instruction Fuzzy Hash: BA21DE765093809FDB228F25DC40B52BFF8FF0A310F0985DAE9858B563D271A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E22AA Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 055E22F3

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: f39f861d93740bae1276c164a8c474fbed294b78e8b4ad980e74782fd1813d83
Instruction ID: ba94d0aa416a5f48248b85328f190633a147b2f18b3220a9ae7b2ac2a69d4f94
Opcode Fuzzy Hash: f39f861d93740bae1276c164a8c474fbed294b78e8b4ad980e74782fd1813d83
Instruction Fuzzy Hash: BC115E7A5002009FDB25CF56D844B66FBE8FF08220F08C9AAED458BA55D375E418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0136A186 Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 0136A1C1

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: e97cebd945257dc9e325944c0e62e752b1fa0236d085dcb73cb9d58466cbabf5
Instruction ID: 739151ae4476e24119916fd760360e0091b4aaee05e857a6352aac6c70e8f347
Opcode Fuzzy Hash: e97cebd945257dc9e325944c0e62e752b1fa0236d085dcb73cb9d58466cbabf5
Instruction Fuzzy Hash: 9D01B131804240DFDB20CF55D884B52FBE8FF04364F08C49ADD494BA56D375A408CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 018603F8 Relevance: 1.6, APIs: 1, Instructions: 104
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 0186041F

Memory Dump Source

Source File: 00000001.00000002.2851570318.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1860000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 9a020e253ed608ad31cdc35af75add357b0aa588c6ab206760499d407db332cd
Instruction ID: 4a9e5ec3a130277575a7fbc2544d942d685ee48fb6532989ae22af1967f8ec91
Opcode Fuzzy Hash: 9a020e253ed608ad31cdc35af75add357b0aa588c6ab206760499d407db332cd
Instruction Fuzzy Hash: 24316D31A002048FCB14DF79D88459DB7BAEF88308F148079E908EB759DB75DE85CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0136B5DE Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0136B69D

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 6e3760c1bac180ce1313d3c69dd0e4af1e5d5f2b42019c118e2ea0cb9a4fd41b
Instruction ID: 92b126ca8ba48ed2f01c00dce2146346fe2ff33cdae872c6343ce93a20892ff1
Opcode Fuzzy Hash: 6e3760c1bac180ce1313d3c69dd0e4af1e5d5f2b42019c118e2ea0cb9a4fd41b
Instruction Fuzzy Hash: 4631C5B1504380AFE712CF25DC44BA2BFE8EF06314F08849AE984CB653D335A809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 018603E8 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserExceptionDispatcher.NTDLL ref: 0186041F

Memory Dump Source

Source File: 00000001.00000002.2851570318.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1860000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: 21610bdf7d81d1f4e2ff217401b094479c24136b1c0748c8f0cf504a9eee56a5
Instruction ID: a183c07a1ba27f2d983a4243fdb498053c69d51e103168871e391def00b12450
Opcode Fuzzy Hash: 21610bdf7d81d1f4e2ff217401b094479c24136b1c0748c8f0cf504a9eee56a5
Instruction Fuzzy Hash: 1A415F71A002058FCB14DF78C89459DBBFAEF88304F548169E809DB35ADB75DE41CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 055E1D7E Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 055E1E45

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: cc924d03e392759355047e0f19db0cf6987ca65c760af75383f65719edd682fd
Instruction ID: 1c125db0827591fe596bd6428ffc2aa757e1b02c261ad331fdb5ef54c95a762d
Opcode Fuzzy Hash: cc924d03e392759355047e0f19db0cf6987ca65c760af75383f65719edd682fd
Instruction Fuzzy Hash: 39315072504744AFE7218B65CC44F67BFFCEF09214F08459AF9858B552D324E508CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0136BB4B Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 0136BC12

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: c4e245ed2f1e341b32ddb818e53077128400e6ff5d45d1378d74f33654d47911
Instruction ID: d003184f299080a8eb9a6e9db3b2fb7d311f33e592664f648e803bc045268115
Opcode Fuzzy Hash: c4e245ed2f1e341b32ddb818e53077128400e6ff5d45d1378d74f33654d47911
Instruction Fuzzy Hash: 10319E6510E3C0AFD3139B258C65A61BFB4EF47614B0E85CBE8C48F6A3D2196909D7B2

Uniqueness

Uniqueness Score: -1.00%

Function 0136A7C7 Relevance: 1.6, APIs: 1, Instructions: 95
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0136A879

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: ee7c9b51e5ef6724bc876afba9035489fbd653ebc1991c2e38c9359ca5227cd7
Instruction ID: d319a9230e135ab1baa4f2a0f05472a0a0bf06463a0550a3abbc8181a0555323
Opcode Fuzzy Hash: ee7c9b51e5ef6724bc876afba9035489fbd653ebc1991c2e38c9359ca5227cd7
Instruction Fuzzy Hash: D231A7B24083846FE7228B55DC44FA7BFFCEF06214F09859AE9849B653D264A909C771

Uniqueness

Uniqueness Score: -1.00%

Function 055E099C Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 055E0A63

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 95f257c32a577f744e745ff3bd23e225a3d50931a7550ff3cb3ca62f2bf4de4d
Instruction ID: daa7a1b5270ea06891c9d90788f019df3e6426330a062009b0dbd58f77487ff3
Opcode Fuzzy Hash: 95f257c32a577f744e745ff3bd23e225a3d50931a7550ff3cb3ca62f2bf4de4d
Instruction Fuzzy Hash: 5B31C2B2404344AFEB21CB51CC85FA6FBACEF44314F04499AFA489B192D3B5A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 055E0894 Relevance: 1.6, APIs: 1, Instructions: 89
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessTimes.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E0931

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 50c151f43bedf0a0aeff49ca15e63319de919657a5be57d6674a15b69668bde9
Instruction ID: a4381cb71507cfcecaa7a1173cc4074ad34239792cfa3be778a4fac9e5e1b4f4
Opcode Fuzzy Hash: 50c151f43bedf0a0aeff49ca15e63319de919657a5be57d6674a15b69668bde9
Instruction Fuzzy Hash: 1031DC724053806FDB128F61DC45FA6BFB8EF06314F0984DAE984CB5A3D3259909C771

Uniqueness

Uniqueness Score: -1.00%

Function 055E0190 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 055E0227

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: b04a8ee3da8011ad05c7a443ac36052ad15eb6f9d9e7f17d8d882dce3df9dd9f
Instruction ID: 2d65eacbe39d509c011621da7a8387005e0953562489d8f5df96448217526104
Opcode Fuzzy Hash: b04a8ee3da8011ad05c7a443ac36052ad15eb6f9d9e7f17d8d882dce3df9dd9f
Instruction Fuzzy Hash: 05319372504385AFEB21CB65DC45FA7BBF8FF05210F0984AAE944CB692D364A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0136A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0136A6B9

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 3e3375b34f9f7073a6b47aa1d224be6f81912f7d4d4495e6bebdf5f9c8b2937c
Instruction ID: fba326595f8d1b3eebf0d68c41852beb9a9c6fff0702f71a16604f428ef317fd
Opcode Fuzzy Hash: 3e3375b34f9f7073a6b47aa1d224be6f81912f7d4d4495e6bebdf5f9c8b2937c
Instruction Fuzzy Hash: 1931B3B15093805FE712CB65CC45B96BFF8EF06214F09849AE984CB693D375E909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E1DAA Relevance: 1.6, APIs: 1, Instructions: 86
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExW.KERNELBASE(?,00000E24), ref: 055E1E45

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e757fbb5cab8deed9ba6e5151669e514ceed8239de7647c7464970fee74764da
Instruction ID: 9690b20e76706a490dcdd6e85b18bd82b2efe83b7ed210c6e9e295a990119f6f
Opcode Fuzzy Hash: e757fbb5cab8deed9ba6e5151669e514ceed8239de7647c7464970fee74764da
Instruction Fuzzy Hash: B4215AB2500704AFEB21DE25DC44FA7BBECFF08614F08895AF945DAA51E774E508CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 055E09BE Relevance: 1.6, APIs: 1, Instructions: 84COMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32(?,00000E24), ref: 055E0A63

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: getaddrinfo
String ID:
API String ID: 300660673-0
Opcode ID: 42c6f5847ebb7ea9473d7fc34b79b984954317044d11debeb2c811126315782f
Instruction ID: cb7f7b43cc5e17f57b33f74087b5c2d2b7008a8d90abb4214544573f33eea7d4
Opcode Fuzzy Hash: 42c6f5847ebb7ea9473d7fc34b79b984954317044d11debeb2c811126315782f
Instruction Fuzzy Hash: DD21A1B2500204AEFB21DB51CC85FA6F7ACEF04714F04899AFA499B691D7B5A5088BB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E0D10 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 055E0DB6

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 69e4f7a1eaff28db7c0a2e47b39e9fc7c3f7fa25496b9110d163d96f3d239d4e
Instruction ID: 53804670ce6c94dc1c69a0e867f586783c9876f249c568e7845ea5f21b2c3b20
Opcode Fuzzy Hash: 69e4f7a1eaff28db7c0a2e47b39e9fc7c3f7fa25496b9110d163d96f3d239d4e
Instruction Fuzzy Hash: C631917150D3C16FD3128B258C55B62BFB8EF47610F0A85DBE884CF693D225A948C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 055E201D Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 055E20AC

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: 93eec27c8bf8247611f9636cbb63685eb1628e9e4a2a4454b22b07d0a4a02110
Instruction ID: 9e07219d12f26e1107bde05bbc2415810b376df2fe3895213a927acbc93f9fcd
Opcode Fuzzy Hash: 93eec27c8bf8247611f9636cbb63685eb1628e9e4a2a4454b22b07d0a4a02110
Instruction Fuzzy Hash: 122191755093849FDB22CF25CC44B52BFF8FF06310F0984DAE885CB162D225E909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0136B6F4 Relevance: 1.6, APIs: 1, Instructions: 80COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136B789

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 7d9601b537d5ff396d37f6abe235e19a22dc1dddf477ebd158869bc089765a58
Instruction ID: 0ce623766bdac74b33a8a4add1cef0e16354348d60e4f651993ac21710d9ca6d
Opcode Fuzzy Hash: 7d9601b537d5ff396d37f6abe235e19a22dc1dddf477ebd158869bc089765a58
Instruction Fuzzy Hash: D121F8B54093806FD7138B259C85BA2BFBCEF47724F0981D6ED848B693D264A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0136A370 Relevance: 1.6, APIs: 1, Instructions: 80registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136A40C

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: cae159ce6e54d8bddb8bb239d334c54e894859fe82aa7fce88f9d1bd190a6f8e
Instruction ID: 07a6e0c3bcb908afe0b6a9e4e150b2a5a0a4c03d024e4741eb0f229711ef9984
Opcode Fuzzy Hash: cae159ce6e54d8bddb8bb239d334c54e894859fe82aa7fce88f9d1bd190a6f8e
Instruction Fuzzy Hash: 1D219FB6504740AFE722CF15CC84FA2BBFCEF45614F08849AE985DB692D364E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 055E23F5 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E247C

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 3176099b309af6742dec227aec50dee88fecd8a7f98e345f0e6b25c891f6cf8e
Instruction ID: d7ef68aa118bd4bd6394785e5ef6f59a04b8c6d8fbd356ec8e2bad5271f793f4
Opcode Fuzzy Hash: 3176099b309af6742dec227aec50dee88fecd8a7f98e345f0e6b25c891f6cf8e
Instruction Fuzzy Hash: EE21C4B25093806FE712CB25DC45F96BFB8EF42314F0984DAF944CF292D264A908C771

Uniqueness

Uniqueness Score: -1.00%

Function 055E0346 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 055E03DA

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 55e86896048fe86ab0324e2dfb4c5dd21f2fb1b27a995bb2211bc716de5e3517
Instruction ID: 92e2286460eecb34f250d6d163f0bed92f59db91104205b96b87394f819dabaf
Opcode Fuzzy Hash: 55e86896048fe86ab0324e2dfb4c5dd21f2fb1b27a995bb2211bc716de5e3517
Instruction Fuzzy Hash: 6D2191B1405384AFE722CB55DD44F96FFF8EF09224F08849EE9858B692D375A508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0136BC3E Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0136BCCA

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: e4baae91ba5e93626be2235c521eade957118eb88943e559cdbbce14de675ae9
Instruction ID: ac71946f1023f5aeecfbd9baec406b1d7885692756696c409e0ad8f2f07d52d9
Opcode Fuzzy Hash: e4baae91ba5e93626be2235c521eade957118eb88943e559cdbbce14de675ae9
Instruction Fuzzy Hash: 422160B1505380AFD722CF55DC45F96FFB8EF05224F08889EE9858B692D375A508CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0136A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136A4F8

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: bb48c1d7c4b58efca6df5c25e0de502bbd38f67597b9e9a4dbf0d17165de6fa8
Instruction ID: eaf4c68070f9b7b049a71311790f461ef06bbcd6fb90b9c0593e57a936f21dd7
Opcode Fuzzy Hash: bb48c1d7c4b58efca6df5c25e0de502bbd38f67597b9e9a4dbf0d17165de6fa8
Instruction Fuzzy Hash: F02181B65043806FD7228F15DC44FA7BFBCEF46214F08849AE9859B652D365E908C771

Uniqueness

Uniqueness Score: -1.00%

Function 055E20EC Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 055E2172

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: ba098c453bc3d143cb1c44ee37174208edf2b80b284edefa865d770bb090769e
Instruction ID: adc7f7519d34afb4db3f11ec5a6fd641b9663a508b5dc85ac8af1f3ae1ecba7c
Opcode Fuzzy Hash: ba098c453bc3d143cb1c44ee37174208edf2b80b284edefa865d770bb090769e
Instruction Fuzzy Hash: 0921A4B65093C09FD716CF25DC50B56BFA8BF46224F0D84DAE989CB253E225D908C771

Uniqueness

Uniqueness Score: -1.00%

Function 055E01B6 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 055E0227

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DescriptorSecurity$ConvertString
String ID:
API String ID: 3907675253-0
Opcode ID: 3fccb5919d88450ce4562912ccde545a2d535021dd498f6d80387ea6d6d60c9f
Instruction ID: 350f6fd17369a6770ff551d2c180362337c0364a990064a2b2b1c727d881210c
Opcode Fuzzy Hash: 3fccb5919d88450ce4562912ccde545a2d535021dd498f6d80387ea6d6d60c9f
Instruction Fuzzy Hash: 17216272500205AFEB20DF65DC45F6ABBE8FF04614F08886AE945DB691D774E5088AB1

Uniqueness

Uniqueness Score: -1.00%

Function 0136B61E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 0136B69D

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9d758872d64a97778cc348b10cb3f59d7c1de9f996aabd9c53eae6625e92af95
Instruction ID: d350658d3fe627eccc482fdabb81651369383c5e477ef97439658a68c23b1fcd
Opcode Fuzzy Hash: 9d758872d64a97778cc348b10cb3f59d7c1de9f996aabd9c53eae6625e92af95
Instruction Fuzzy Hash: FD21A171600204AFE721CF66CD45B66FBE8EF08224F088459E945CBA55D371E808CF71

Uniqueness

Uniqueness Score: -1.00%

Function 055E00AA Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E013C

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: cee8f9dc8b6b7398f8f368cb5d6e53955a62c9a3468e5cf64bce1ebd7fcaa2e7
Instruction ID: 9d6063af4aba84f0ddb4f23c046e2d1ade2fc082e47a94b933b80b12074cba12
Opcode Fuzzy Hash: cee8f9dc8b6b7398f8f368cb5d6e53955a62c9a3468e5cf64bce1ebd7fcaa2e7
Instruction Fuzzy Hash: D321AFB2504744AFD722CF11DC44FA7BBF8EF05610F08849AE9858B6A2D365E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0136A7FA Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E24), ref: 0136A879

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 6356c499f23ca97fec02a517cac93c4cd23c155fd6880c05b8d946b81078a121
Instruction ID: f7fcb0cb4a6cc765061eb01e85a419c2d0ca3f3d52a96982b630dcac22d68f16
Opcode Fuzzy Hash: 6356c499f23ca97fec02a517cac93c4cd23c155fd6880c05b8d946b81078a121
Instruction Fuzzy Hash: 7D21A1B2500204AEE7219F55DC44FABFFECEF08218F04855AFA459BA52D764E5098AB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E24DF Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E255B

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 9bc112d2527c69b4827c38d48be6715447532909e828430c3ff0b6c02ec090eb
Instruction ID: ecb3588bebfce6f33e9855ba872c30eb445932934a2067c7385766b2f6a535ec
Opcode Fuzzy Hash: 9bc112d2527c69b4827c38d48be6715447532909e828430c3ff0b6c02ec090eb
Instruction Fuzzy Hash: E02195B55053806FD721CB15DC45FA6BFB8EF45214F08849BF9448B692D365A508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 055E25C3 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E263F

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 9bc112d2527c69b4827c38d48be6715447532909e828430c3ff0b6c02ec090eb
Instruction ID: 3c14fac0913858aec7547a02c7286ec2a2f02b5f8aba94a9fe0217e8b79dac13
Opcode Fuzzy Hash: 9bc112d2527c69b4827c38d48be6715447532909e828430c3ff0b6c02ec090eb
Instruction Fuzzy Hash: 2721D4B14043806FDB22CF21DC44FA6BFB8EF46224F08849AF944CB692D364A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0136A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0136A6B9

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 3075eb2d4bdbb713760207867336b2efe00ee4167765cdbf293f453319a0b244
Instruction ID: 6466b7b1e71f0c1caf5ea4b77efaaae190d7952f6be6d669c5e3b20113cbc992
Opcode Fuzzy Hash: 3075eb2d4bdbb713760207867336b2efe00ee4167765cdbf293f453319a0b244
Instruction Fuzzy Hash: 5821D4B15002409FE710CF69CD45BA6FBECEF04228F08C469ED459BB41D375E809CA71

Uniqueness

Uniqueness Score: -1.00%

Function 055E3796 Relevance: 1.6, APIs: 1, Instructions: 71registryCOMMON

Download Yara Rule

APIs

RegDeleteKeyW.ADVAPI32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E381C

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Delete
String ID:
API String ID: 1035893169-0
Opcode ID: cf00f1f2023436be821edf4035be74b6e0d32d815594cb55a434af6e882e9beb
Instruction ID: 1dad4f580615c5565c802f5b8934d095fa89816170ebd1ec85b77147f270732b
Opcode Fuzzy Hash: cf00f1f2023436be821edf4035be74b6e0d32d815594cb55a434af6e882e9beb
Instruction Fuzzy Hash: 9721C3B15093806FD722CB51DC45FA6FFB8EF46220F0984DBE9848B692D264B908C772

Uniqueness

Uniqueness Score: -1.00%

Function 0136B9D6 Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136BA55

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 02aaf862566d050ea0a26c46af4eb147f4226206b080ab9bc465ae1c69ff96b0
Instruction ID: 15e68e8c5d0abc3511b76a113c4cd7a6cda492e763bfd1b91a0ecf262c00710a
Opcode Fuzzy Hash: 02aaf862566d050ea0a26c46af4eb147f4226206b080ab9bc465ae1c69ff96b0
Instruction Fuzzy Hash: 40219272405380AFDB22CF55DC44F96FFB8EF45314F08849AE9448B652D225A508CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0136A140 Relevance: 1.6, APIs: 1, Instructions: 70networkCOMMON

Download Yara Rule

APIs

recv.WS2_32(?,?,?,?), ref: 0136A1C1

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: recv
String ID:
API String ID: 1507349165-0
Opcode ID: 06447bd2ab78465e00b75c40936da542aa5ae1cd5ee062b3b0c5edf4b2017714
Instruction ID: f7f1595bc866d508ff593015a3854b06c6f6071e9249bc9222a6ba3609d95859
Opcode Fuzzy Hash: 06447bd2ab78465e00b75c40936da542aa5ae1cd5ee062b3b0c5edf4b2017714
Instruction Fuzzy Hash: B9219A7140D3C09FD7238B619C54A52BFB4EF47220F0A85DBD9848B5A3D269A819CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E1F57 Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E1FD3

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: ab42972ab28ee6c8802acf17958045296332fe7d2247e1c75a811cdbe23515f6
Instruction ID: b29a90bcecaf9d9f8388f33c793bb78e65ffd47a061ad7a94c6e96e853216506
Opcode Fuzzy Hash: ab42972ab28ee6c8802acf17958045296332fe7d2247e1c75a811cdbe23515f6
Instruction Fuzzy Hash: 6A21C3B14093806FDB22CF11DC44FA6BFB8EF46214F08849AF9449B692D375A508C772

Uniqueness

Uniqueness Score: -1.00%

Function 0136A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136A40C

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 8328002bb12292ef411be6ba4e17d6a2079ffe012c58c122b37593558b02735a
Instruction ID: d3bc97d59d5a9c3014d9ea78fe960ff036ab5067f76c5f6175e3c955f540c356
Opcode Fuzzy Hash: 8328002bb12292ef411be6ba4e17d6a2079ffe012c58c122b37593558b02735a
Instruction Fuzzy Hash: 5921C0B55002049FEB21CF16CC84FA6FBECEF04614F08C45AE945EBB52D360E909CA71

Uniqueness

Uniqueness Score: -1.00%

Function 0136BD23 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 0136BDA0

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: a03e04ac53ab1a0ca6a5920930f0205aae2fdf6c99f08d7efab58179201cc1ea
Instruction ID: 9436f64801aaa70915e383b92078753bed53e42fa656bebc30afd4e8a8defd3e
Opcode Fuzzy Hash: a03e04ac53ab1a0ca6a5920930f0205aae2fdf6c99f08d7efab58179201cc1ea
Instruction Fuzzy Hash: FC219A314093C09FDB228F65DC55A92BFB4EF07324F0985DAE9C48F563C2259859CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0136A710 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0136A780

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 46bdd5aa3c2d36150869bf415878e53f7a5c8e5b39a8b4960cfa9feb5194f0d2
Instruction ID: cae59f75a220bb5d6b6b001f9ab858870d323b380bf0deeb053769e945d9b476
Opcode Fuzzy Hash: 46bdd5aa3c2d36150869bf415878e53f7a5c8e5b39a8b4960cfa9feb5194f0d2
Instruction Fuzzy Hash: FC21D2B54083809FDB128F65DD85752BFB8EF02324F0984EAEC858B653D2359909DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 055E0B6E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 055E0BEA

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: 63c8988cd7a2559bd81f780a1b8151a3d18b1ed71de9eb2d6c50790be318a8de
Instruction ID: 82c149a3b68664a1b7348e0c1b29f0aa27b5400c4a09add82a9a0c11daed6737
Opcode Fuzzy Hash: 63c8988cd7a2559bd81f780a1b8151a3d18b1ed71de9eb2d6c50790be318a8de
Instruction Fuzzy Hash: 6F219271408780AFDB228F51DC44B62FFF8FF06310F0885DAE9858B562D375A819DB61

Uniqueness

Uniqueness Score: -1.00%

Function 055E0366 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 055E03DA

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: c951da1b2acfc11db5e147fd5d082479a88474c1445dc5a0821ad6205edb649c
Instruction ID: 0a4bd2ff524066a8c88afc0d3587e1d88de66377eb648f76d4ea7f44357ff407
Opcode Fuzzy Hash: c951da1b2acfc11db5e147fd5d082479a88474c1445dc5a0821ad6205edb649c
Instruction Fuzzy Hash: 052181B1500204AFE721CF55DD49FA6FBE8EF08324F048559E9858B691D3B5F509CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0136BC5E Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 0136BCCA

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: a3f3ab1faff5a88192ef0803de68fbd5558bb475b9c5ff4c17f755fefc7414c5
Instruction ID: c1986c9418d95f6664c8cecfffa181c77bd31945a020912fff76e542ba6c3e88
Opcode Fuzzy Hash: a3f3ab1faff5a88192ef0803de68fbd5558bb475b9c5ff4c17f755fefc7414c5
Instruction Fuzzy Hash: DA21A171500204AFEB21CF55DD45B96FBE8EF08324F08885EE9458BA56D375A509CB72

Uniqueness

Uniqueness Score: -1.00%

Function 055E0FD2 Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 055E105B

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: bc451c8cdfadd3fb4d544476a25836806eead01e1895eb11ce03ffcedc3af0e4
Instruction ID: 36afe1baff676f070c6096b8e640b3d29feda4fdbedaf94b634c22446877eabf
Opcode Fuzzy Hash: bc451c8cdfadd3fb4d544476a25836806eead01e1895eb11ce03ffcedc3af0e4
Instruction Fuzzy Hash: 8111B4714083806FE721CB11DC85FA6FBB8EF45724F0880DAF9445B692D265B948CB71

Uniqueness

Uniqueness Score: -1.00%

Function 055E2E09 Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 055E2E85

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 0a65f550afd674563da6a852f5a7410a6a01dfd2f9c623c62b8fe9e84944d476
Instruction ID: 6b6e44d9302c275a904610d170c5d8efd7b3fb4522d8a95adb13e576e3f2b71f
Opcode Fuzzy Hash: 0a65f550afd674563da6a852f5a7410a6a01dfd2f9c623c62b8fe9e84944d476
Instruction Fuzzy Hash: 892190B55083809FDB228F15DC44B62BFF8FF46214F09808AED85CB653D265A908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 055E00CA Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E013C

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 766a68553655eb357d1769fabc029e838e7cd8f1aa196b3a7cb77cd9d5c94db7
Instruction ID: 17cca61e6e42d287a78f49de520d957858dff9ccbf14af4e655b6a6fe4217565
Opcode Fuzzy Hash: 766a68553655eb357d1769fabc029e838e7cd8f1aa196b3a7cb77cd9d5c94db7
Instruction Fuzzy Hash: 02118176500704AFEB25CF15DC85FA7F7E8FF04724F08855AE9458B6A1D3A4E508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0136A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136A4F8

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: f67c03e196d1199066dd49890b363e6f3927057a60200c1fdd6c29f6f075849f
Instruction ID: 84edbc5c154647a22b6b036434ad30e19493b5364056fdb69b59fac25961118e
Opcode Fuzzy Hash: f67c03e196d1199066dd49890b363e6f3927057a60200c1fdd6c29f6f075849f
Instruction Fuzzy Hash: 7911D3B6500204AFEB21CE15DC44FA7FBECEF04614F08C55AEE45ABB41D360E508CA71

Uniqueness

Uniqueness Score: -1.00%

Function 055E08D2 Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E0931

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 58e55127e535c8d0b4f95e8312c54dac3307f44c9f8c37cceb144ca903b29970
Instruction ID: a31d800fbcebcb4484767cb95e88eea04e85602cf2a0d65f2b4c270da7a6d198
Opcode Fuzzy Hash: 58e55127e535c8d0b4f95e8312c54dac3307f44c9f8c37cceb144ca903b29970
Instruction Fuzzy Hash: DF11B672500204AFEB21CF55DC45FA6FBE8EF04324F08C45AE945CB691D775A508CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E0006 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 055E0082

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: ee7366b760e32923c9dca720153a8f1cfbd7a657fee5e1e128bb14c0d423ceab
Instruction ID: af643473e78c45ed33ee04ac64230b3741b5975eee84f44e46a7c55d109b0443
Opcode Fuzzy Hash: ee7366b760e32923c9dca720153a8f1cfbd7a657fee5e1e128bb14c0d423ceab
Instruction Fuzzy Hash: 0611E7715043406FD311DB16DC41F72BFF8EF8AA20F09819AFC4897A42D265B919CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 055E2502 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

GetProcessWorkingSetSize.KERNEL32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E255B

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 08209f5e9ce9b54c5f5137b1bc41502e74373fa253aea391fe094f8ce43600ea
Instruction ID: f6797f9f006dad627b92cd842e12de17a0eec4683b2faf629d52a8a2b8780a8c
Opcode Fuzzy Hash: 08209f5e9ce9b54c5f5137b1bc41502e74373fa253aea391fe094f8ce43600ea
Instruction Fuzzy Hash: F711C1B6900200AFEB21CF15DD85FAABBECEF44324F08846AED458F641D774A509CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E3ADD Relevance: 1.6, APIs: 1, Instructions: 62windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 055E3B51

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 0283948e548cedfe02b3a3c4caa98666fa94acb15c8888c33e37878e2b9ed357
Instruction ID: 9d91132254124795a4c4f3c7e7d1b54a5f7eeb2dee7ed020c746a67996042fb9
Opcode Fuzzy Hash: 0283948e548cedfe02b3a3c4caa98666fa94acb15c8888c33e37878e2b9ed357
Instruction Fuzzy Hash: C0216D724093C09FDB238F25DC44A52BFB4EF17220F0985DBE9858F563D265A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E25E6 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

SetProcessWorkingSetSize.KERNEL32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E263F

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ProcessSizeWorking
String ID:
API String ID: 3584180929-0
Opcode ID: 08209f5e9ce9b54c5f5137b1bc41502e74373fa253aea391fe094f8ce43600ea
Instruction ID: 950240b8e9edfde93f5cd8905070f0e4e15bdfb5c9a0981c17ea15495f76b654
Opcode Fuzzy Hash: 08209f5e9ce9b54c5f5137b1bc41502e74373fa253aea391fe094f8ce43600ea
Instruction Fuzzy Hash: 3D11C4B55002009FEB25CF15DC45FA6B7ACEF45324F0889AAED45CBA45D774A508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E2426 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E247C

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: CodeExitProcess
String ID:
API String ID: 3861947596-0
Opcode ID: 99993366377b4fcb9ca717c9dce9df6135e7283c9488fa9025b7b7924f1edd33
Instruction ID: 40dcff66b3c41aca7b56a71955a87ad117b57397208d70c1072f980fb6401095
Opcode Fuzzy Hash: 99993366377b4fcb9ca717c9dce9df6135e7283c9488fa9025b7b7924f1edd33
Instruction Fuzzy Hash: 3711A3B6500204AFEB21CF15DC45BAAB7ACEF44324F08C4AAED49CB685D775A508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0136AC03 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0136AC6E

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 59863b584fc7ab68a2cfa5de34570f193afc6abce112f60b3705b2ae3642e338
Instruction ID: dfa76b579a9e2fd447e21d3de4c9dbdaade3c8ac19e0b4227649aec9932200b5
Opcode Fuzzy Hash: 59863b584fc7ab68a2cfa5de34570f193afc6abce112f60b3705b2ae3642e338
Instruction Fuzzy Hash: 8611B471408380AFDB228F55DC44B62FFF8EF4A320F0888DAED858B563C275A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0136B9F6 Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136BA55

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1161af2e772e07cf7cfce93f52fcad159c2164f1339504f4f45011c18376f606
Instruction ID: 89d4e33f800835b97a4c7beff6a56cf71a4a7aac8204cbf72e844b617edf43e7
Opcode Fuzzy Hash: 1161af2e772e07cf7cfce93f52fcad159c2164f1339504f4f45011c18376f606
Instruction Fuzzy Hash: 0411BF72500204AFEB21CF55DC44FAAFBECEF04324F08C85AE9498AA55D375A508CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E1F7A Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E1FD3

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ioctlsocket
String ID:
API String ID: 3577187118-0
Opcode ID: 70e39d64b4529982d313487bb1c6e0ffaa2e890c9cc4d5160c7bbb45d31557c2
Instruction ID: 3fe714dea9135549dd0f79ddf1ac0e428581e5769f081689e10256a1b297e72a
Opcode Fuzzy Hash: 70e39d64b4529982d313487bb1c6e0ffaa2e890c9cc4d5160c7bbb45d31557c2
Instruction Fuzzy Hash: 4A11A3B5400200AFEB21DF51DC44FA6FBE8FF44324F08885AED459B681D775A508CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 055E37BE Relevance: 1.6, APIs: 1, Instructions: 57registryCOMMON

Download Yara Rule

APIs

RegDeleteKeyW.ADVAPI32(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 055E381C

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Delete
String ID:
API String ID: 1035893169-0
Opcode ID: a7f9dcc5b7b1c408852f724671fcafab1c211ff2343cb397dc5ce9a15a7a929b
Instruction ID: ed57256f1942c36d9ebf6e868b03b8fc303f58a0e6fd2c77387eb1aa5fd2e4dc
Opcode Fuzzy Hash: a7f9dcc5b7b1c408852f724671fcafab1c211ff2343cb397dc5ce9a15a7a929b
Instruction Fuzzy Hash: D611E5B2504200AEEB21CB02DC45FA6FBECFF04624F09C49AED459BB41D364F508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 055E3EDD Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 055E3F3D

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 112da231fda63800c3a6e161365e9ad5387fb142815f043f41636e01019400b9
Instruction ID: 26b38e439d75be59356f8d0110e0a53fbb1f9590a965f1e53fedea064f15ba34
Opcode Fuzzy Hash: 112da231fda63800c3a6e161365e9ad5387fb142815f043f41636e01019400b9
Instruction Fuzzy Hash: 3C11C475509780AFDB228F15DC44A52FFB4FF06320F08849EED858B663D365A918DB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E0FF2 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(?,00000E24), ref: 055E105B

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d8185906f4da8558bbace7f9896e06764065158dc72e528fe7bd6e270c7472a9
Instruction ID: 8479dfd07dd3c468576dbe6bbf2c7f3a3de132b8d9a0747856e9905469068da7
Opcode Fuzzy Hash: d8185906f4da8558bbace7f9896e06764065158dc72e528fe7bd6e270c7472a9
Instruction Fuzzy Hash: 9811E571504640AFEB21DB12DC45FB6F7A8EF44724F08819AFE445A681D3B5B548CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0136A2AE Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0136A30C

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 988f5a33ddbcc909b90b689da92052431043ae4dbaa0dc47b9af6c2348765f41
Instruction ID: 9b34655bbba88f1ebf73918bcc80e6b6841ab0e79af8cf181cb996b0147b241b
Opcode Fuzzy Hash: 988f5a33ddbcc909b90b689da92052431043ae4dbaa0dc47b9af6c2348765f41
Instruction Fuzzy Hash: AC1191714093C06FDB238B15DC54A62BFB8DF47224F0981CBED848F663D2656918C772

Uniqueness

Uniqueness Score: -1.00%

Function 055E2056 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

select.WS2_32(?,?,?,?,?), ref: 055E20AC

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: select
String ID:
API String ID: 1274211008-0
Opcode ID: b7f4f9b34cd9caef42854988342e50db889e06e46f6bf156e772fdda28e030f7
Instruction ID: 394588de03c12eb40d30f6b8af161c582e4d74f0b35e8465d32afe10b9892d8a
Opcode Fuzzy Hash: b7f4f9b34cd9caef42854988342e50db889e06e46f6bf156e772fdda28e030f7
Instruction Fuzzy Hash: A3116D795002048FDB25CF15D884F62FBE8FF04220F08C8AADD4ACB695D335E548CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0136AD9F Relevance: 1.6, APIs: 1, Instructions: 54comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0136AE00

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 64cfc973b57e58ef464a3fea8f006c3887f585a8811c92cb41e17a977048efad
Instruction ID: c0601c12fcd32fb16999f3e2c23578b18e0cc27a64fd4fe5a3fbedc7c3585838
Opcode Fuzzy Hash: 64cfc973b57e58ef464a3fea8f006c3887f585a8811c92cb41e17a977048efad
Instruction Fuzzy Hash: 29116D714493C09FDB128B15DC45B52BFB4EF46224F0884DAED898B693D279A918CB62

Uniqueness

Uniqueness Score: -1.00%

Function 055E212A Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 055E2172

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: a6bae53c7b1cc96b03c3612b61edc89b88f31b5a9d2d2775e142c818c9dc61b7
Instruction ID: 72d5a11a807f9cd75cfcda812b0d09de25540a815e4196a808e8600677662f78
Opcode Fuzzy Hash: a6bae53c7b1cc96b03c3612b61edc89b88f31b5a9d2d2775e142c818c9dc61b7
Instruction Fuzzy Hash: 82116575A042409FDB28CF16DC85B5AFBE8FF44220F08C4AADD49CB745D775D504CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0136B736 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E24,4ED910D6,00000000,00000000,00000000,00000000), ref: 0136B789

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: c3bbed87fd59b6eb94e55b37460d8ab8023af3804a57ed29a88f04f528ded3f4
Instruction ID: 5c638ac821ab8469e4412317b695f04ff46f09da123a0ff41420381d73c07acb
Opcode Fuzzy Hash: c3bbed87fd59b6eb94e55b37460d8ab8023af3804a57ed29a88f04f528ded3f4
Instruction Fuzzy Hash: 9501C0B5500204AEE721CF16DC84BA6FBACDF44628F08C096EE048BB45D368A5088EB6

Uniqueness

Uniqueness Score: -1.00%

Function 055E0B9E Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON

Download Yara Rule

APIs

WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 055E0BEA

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Connect
String ID:
API String ID: 3144859779-0
Opcode ID: f4135282e188ec654ed995fa5de7efc6832c07280d13fb4f5ec4d596eb63c459
Instruction ID: 186a9b9bae6c8e1c0d8f83badd525b59a8556b2cac21b471b6ba1beafb86f9ba
Opcode Fuzzy Hash: f4135282e188ec654ed995fa5de7efc6832c07280d13fb4f5ec4d596eb63c459
Instruction Fuzzy Hash: 471170714006449FDB20CF55D844B66FBE5FF08310F08C99AED498BA61D375E418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 055E3D90 Relevance: 1.5, APIs: 1, Instructions: 49windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 055E3DE4

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: ad304c171290089fc87e4d2b1739143e7acb4bbbb7302cf00e4440b5d436a433
Instruction ID: 100f94dd8ad22bc01a85e78652fc8a6d6a98988a6d1ee9e2ecc9ce909925fc88
Opcode Fuzzy Hash: ad304c171290089fc87e4d2b1739143e7acb4bbbb7302cf00e4440b5d436a433
Instruction Fuzzy Hash: 2E11C4714093C0AFDB228F15DC44B62FFB4EF46224F0980DAED848B653D275A908CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 055E0D66 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetVolumeInformationA.KERNELBASE(?,00000E24,?,?), ref: 055E0DB6

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: b0b7371f228321892d10cf21d6e380d2a16b891c42fb903591f60d6c33c04012
Instruction ID: c0b101783644540ac1e93a0a2693698102ca1c42c67c927c9d78bead77e2944d
Opcode Fuzzy Hash: b0b7371f228321892d10cf21d6e380d2a16b891c42fb903591f60d6c33c04012
Instruction Fuzzy Hash: B701B171900200ABD310DF16CC46B66FBE8FB88B20F14855AEC089BB41D735B915CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 055E2E3A Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 055E2E85

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 2644abe0bb0c84ab0dc109d943e598b9684d1a4977e3172235cc24615cc4fbae
Instruction ID: 6ed0651ca4aac6a9f22909f96b97cd4957c381fe1f1f134e96af1e88e7ab226e
Opcode Fuzzy Hash: 2644abe0bb0c84ab0dc109d943e598b9684d1a4977e3172235cc24615cc4fbae
Instruction Fuzzy Hash: 3F014C7A9043409FDB24CF16D885B62FBE8FF54620F08C59ADD498BB56D375E408CA62

Uniqueness

Uniqueness Score: -1.00%

Function 0136AC2A Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0136AC6E

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: b7c92a9dfcb4e6d96e90cd348ae68aa1770cbbaf8c9880f48d8bf3f29f22f701
Instruction ID: 7797430877ce1e0e8ea0264cd00a926d843368fe82474379523b02d83c958a00
Opcode Fuzzy Hash: b7c92a9dfcb4e6d96e90cd348ae68aa1770cbbaf8c9880f48d8bf3f29f22f701
Instruction Fuzzy Hash: 77015E318006409FDB218F55D944B52FBE4EF48324F08C99ADE498BA56D375A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 055E0032 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetComputerNameW.KERNEL32(?,00000E24,?,?), ref: 055E0082

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 98528c17c20cb06edf5f0d28b5e214ab3c2a03e3587dc59c47657160c8892cf1
Instruction ID: 90907b9e21b96fa00bcd424235048e938ea08d7eed212a669c27915f1fc5461a
Opcode Fuzzy Hash: 98528c17c20cb06edf5f0d28b5e214ab3c2a03e3587dc59c47657160c8892cf1
Instruction Fuzzy Hash: CC01D671900200ABD310DF16CC46B66FBE8FB88B20F148159EC089BB41D735F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0136BD62 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,?,?,?,?), ref: 0136BDA0

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 75379bde698f0b0caac8dbee8457e3af9e8d43454885b7b21db243097bfc9ec9
Instruction ID: f474f025f7ee5ed3e0fc4c69557606cf0d6254185937d1f7867da5294dd63516
Opcode Fuzzy Hash: 75379bde698f0b0caac8dbee8457e3af9e8d43454885b7b21db243097bfc9ec9
Instruction Fuzzy Hash: ED01C031900200DFDB208F45D844B55FBE4EF14324F08C49ADD898EA16C335A018CF62

Uniqueness

Uniqueness Score: -1.00%

Function 0136BBC2 Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E24,?,?), ref: 0136BC12

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 78073f8bd3797361775ad54c52105c13b1975c5b6c241f1ffcc8d3fc74c6a675
Instruction ID: 12137c7e950a4302d9a7b7a874cbf0c558d3a69a242aa6db99c0795a5882fa0b
Opcode Fuzzy Hash: 78073f8bd3797361775ad54c52105c13b1975c5b6c241f1ffcc8d3fc74c6a675
Instruction Fuzzy Hash: D401D671900200ABD310DF16CC46B66FBE8FB88B20F14815AEC089BB41D771F915CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0136A74E Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0136A780

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: d06ac989f7b175280a3db6e6a828207ffff1b4f20ddff5b5abf1a29e8d2a74d4
Instruction ID: af7aef25bb235a062b439c96255bd2d94b5521bcc3cf74607596ea24b18d1a41
Opcode Fuzzy Hash: d06ac989f7b175280a3db6e6a828207ffff1b4f20ddff5b5abf1a29e8d2a74d4
Instruction Fuzzy Hash: 5701F2759002408FDB10CF5AD985766FBE8EF04224F08C4ABDC4A8FB46D379E408CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 055E3F02 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 055E3F3D

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 3ab06408eecb0e7baf8049a94c8407e65090287c29c371c9d43f40136af7b79c
Instruction ID: 8b4746051cf311b7d9ce8d8068633dbe9fab724c8a23410b1945e7606f1fb4ac
Opcode Fuzzy Hash: 3ab06408eecb0e7baf8049a94c8407e65090287c29c371c9d43f40136af7b79c
Instruction Fuzzy Hash: 920171369006409FDB248F16D884B65FBF4FF04720F08C59EED554BA62D375E458DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0136ADCE Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0136AE00

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 04b69e3288ddab933090cad3b656f213e869f21daceb7f1490f9be149771b186
Instruction ID: 26c5f9e87a5457efeb53fb4cd7d82ac024618f1b45bdbb0a7e69a509362f8cd9
Opcode Fuzzy Hash: 04b69e3288ddab933090cad3b656f213e869f21daceb7f1490f9be149771b186
Instruction Fuzzy Hash: 4301DC71800244CFDB20CF1ADC84762FBE8EF44324F08C4AADD499FB56D379A448CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 055E3B16 Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 055E3B51

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 3744af391f02b95245ba680b6a211568e59e4df088fc1a2b5b5f0029b45d754c
Instruction ID: c08ba35a1a5f7b875b820b69361ce2f509cb5aa369a76c0798e0bae58e9bc287
Opcode Fuzzy Hash: 3744af391f02b95245ba680b6a211568e59e4df088fc1a2b5b5f0029b45d754c
Instruction Fuzzy Hash: C4018F36804244DFDB20CF06D884B61FBE4FF08320F09C99ADD4A4BA62D375A418CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 055E3DB2 Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 055E3DE4

Memory Dump Source

Source File: 00000001.00000002.2852961360.00000000055E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_55e0000_xkzdRi6nGpg3.jbxd

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 3a7f45e6284e86529a38d76664a56b170390048ffd8b827f624bc742a900f810
Instruction ID: c4abea701c28180212921823243ff26cafa17047139efde60e3c9d17e796b3e2
Opcode Fuzzy Hash: 3a7f45e6284e86529a38d76664a56b170390048ffd8b827f624bc742a900f810
Instruction Fuzzy Hash: BFF087759002409FDB24CF06D985B61FBA4FF44224F09C9EADD494BB52D379A508CEA2

Uniqueness

Uniqueness Score: -1.00%

Function 0136A2DA Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0136A30C

Memory Dump Source

Source File: 00000001.00000002.2851009910.000000000136A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_136a000_xkzdRi6nGpg3.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: b629689f2bc900944c6a6b9f63aa92881f6ea0a07d07afa7bc4bdeb68aa9a97c
Instruction ID: 40290f06e8cd28c641214749d74a29258926d4d7e12d1f790d80c2fdb6cdfd26
Opcode Fuzzy Hash: b629689f2bc900944c6a6b9f63aa92881f6ea0a07d07afa7bc4bdeb68aa9a97c
Instruction Fuzzy Hash: 3FF0AF358042448FDB208F06D884761FBE8EF04624F18C19ADD495FB56D3B9A548CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 05621C60 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2852984743.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5620000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a047b054e5582b5bbaa129ebd1cb9a863a03669c62b5b2f3e81075d6fa0a99ab
Instruction ID: bd317fe7321ff611519d3fd79ffb9cbea474daf1d1f8cfc96f65e55e8ac7050d
Opcode Fuzzy Hash: a047b054e5582b5bbaa129ebd1cb9a863a03669c62b5b2f3e81075d6fa0a99ab
Instruction Fuzzy Hash: EE11BAB5908341AFD350CF19D840A5BFBE4FB88664F04895EF998D7711D335EA088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 018007C4 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851511713.0000000001800000.00000040.00000020.00020000.00000000.sdmp, Offset: 01800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1800000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4fb0a89c896cbba27319e9f3ef3fb624d30ec602d79204b53dd08debc5fe937
Instruction ID: 31490f0d24845d7a3fdba6dc44bab3e83a20268fa94eb4cb9a06b91d90dd19b2
Opcode Fuzzy Hash: a4fb0a89c896cbba27319e9f3ef3fb624d30ec602d79204b53dd08debc5fe937
Instruction Fuzzy Hash: 0A11D231208248DFD716CB14DD40B25BBA5AB88718F24C5ADF9499BB93C77BDA03CA91

Uniqueness

Uniqueness Score: -1.00%

Function 0180079C Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851511713.0000000001800000.00000040.00000020.00020000.00000000.sdmp, Offset: 01800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1800000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8344cccb5fa1215ca2523c054a26114bbf0578d603c78f46eb087e722d390bf
Instruction ID: 1fc9a3e204881b8dc39e9f4b9f4d1baffcd5b371d903ba5dd6f93ed90cb83611
Opcode Fuzzy Hash: b8344cccb5fa1215ca2523c054a26114bbf0578d603c78f46eb087e722d390bf
Instruction Fuzzy Hash: E721383110D7C48FC7138B24DD94B10BFB1AB46308F1986EEE4898A6A3C33A8906CB52

Uniqueness

Uniqueness Score: -1.00%

Function 05621B04 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2852984743.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5620000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4558c23ed3a0ac6973515561c1442a865dfd5e4eeedcbd96200672e40a43f026
Instruction ID: a2c21cc8b1d6cfbb4710cf78a0f0df73d58d909d42939dda28eaa6c81e568040
Opcode Fuzzy Hash: 4558c23ed3a0ac6973515561c1442a865dfd5e4eeedcbd96200672e40a43f026
Instruction Fuzzy Hash: 2B11BEB5908301AFD750CF09DC41E57FBE8EB88660F04891EF95997711D275E9088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0137ADEC Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851058184.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_137a000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec7dac4e54e6069620c488214696295be5b2a684945a445007114d73b17268f
Instruction ID: cfd040dbff875f5207b5f318bc4355fe2818c5273d8c8a2ce6354ab8117fd3b0
Opcode Fuzzy Hash: aec7dac4e54e6069620c488214696295be5b2a684945a445007114d73b17268f
Instruction Fuzzy Hash: 9E11BEB5908301AFD350CF09DC41E57FBE8EB88660F04891EF95997711D275E9088FA2

Uniqueness

Uniqueness Score: -1.00%

Function 018005E0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851511713.0000000001800000.00000040.00000020.00020000.00000000.sdmp, Offset: 01800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1800000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08bbd260416b07ebc498b9dc657058e410367781e45036bc2377f4bf3e700329
Instruction ID: 31d3923b81a202f600520ad382ab3aca365f58f47f51516911f0018ae5ba0541
Opcode Fuzzy Hash: 08bbd260416b07ebc498b9dc657058e410367781e45036bc2377f4bf3e700329
Instruction Fuzzy Hash: 3D018BB55097805FD7118F16AC40862FFF8DE86620749849FF88987612D265A908C772

Uniqueness

Uniqueness Score: -1.00%

Function 01800880 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851511713.0000000001800000.00000040.00000020.00020000.00000000.sdmp, Offset: 01800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1800000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1211cc8331e0b50b07ffe12ea701b48e6298c326ccc82b5efa8e48cefb80fa31
Instruction ID: 530156b938d1bbb51ab7e7ae0eb58152422b1dfba3de09af6483cdb226459ef2
Opcode Fuzzy Hash: 1211cc8331e0b50b07ffe12ea701b48e6298c326ccc82b5efa8e48cefb80fa31
Instruction Fuzzy Hash: CDF03135108644DFC316CF04D940B15FBA2FB89718F24C6ADE94917B62C737D913DA81

Uniqueness

Uniqueness Score: -1.00%

Function 01800774 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851511713.0000000001800000.00000040.00000020.00020000.00000000.sdmp, Offset: 01800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1800000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdd77bfe8561b83ef7e50c76358b8569c3b176aa67975e72b22786af185a331
Instruction ID: 6a4d96ce899cb2384a0157fcc19d13bcbabea8c608e2c22c84aab0bed1f3bc12
Opcode Fuzzy Hash: 5cdd77bfe8561b83ef7e50c76358b8569c3b176aa67975e72b22786af185a331
Instruction Fuzzy Hash: BDF03C35108684DFC316CF10D980B25FBA2FB89718F24C6ADE94957BA2C337D912DA81

Uniqueness

Uniqueness Score: -1.00%

Function 01800606 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851511713.0000000001800000.00000040.00000020.00020000.00000000.sdmp, Offset: 01800000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1800000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c25bfcb9d893b47408381747e166967b91e6ba260984a7994383b6e7af3c08f
Instruction ID: 582ce607677485843946a411be48e5e5a2595cdc3b5135da2788e63fc14196b8
Opcode Fuzzy Hash: 0c25bfcb9d893b47408381747e166967b91e6ba260984a7994383b6e7af3c08f
Instruction Fuzzy Hash: BCE092B6A006404B9760CF0BFC41452F7D8EB88630B08C17FEC0D8BB01E27AB508CAA6

Uniqueness

Uniqueness Score: -1.00%

Function 05621577 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2852984743.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5620000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1da2cfc445b244f1c15052f40c0d915d17d47cb39f24a812e8f08c03b00f8342
Instruction ID: ac8685bc2df2ac3cf42ee0a2557d0052c552e844319c56c1454e264fdda9d2c7
Opcode Fuzzy Hash: 1da2cfc445b244f1c15052f40c0d915d17d47cb39f24a812e8f08c03b00f8342
Instruction Fuzzy Hash: 61E0D8B690030067D220DE079C45F53FB98DB84A30F08C557EE081BB01E176B514C9E1

Uniqueness

Uniqueness Score: -1.00%

Function 05621B53 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2852984743.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5620000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f38f1f95a8ca598413906a86cf8b35771d8466bd0315300d7497382cd8b37475
Instruction ID: 78cf1289abe94511dcc5f81166a92ad079cdacb4d533d99bb3b13d765f5e545a
Opcode Fuzzy Hash: f38f1f95a8ca598413906a86cf8b35771d8466bd0315300d7497382cd8b37475
Instruction Fuzzy Hash: 78E0D8B290030467D2609E079C45F53FB98DB44A30F04C557EE0C1BB02E176B50489F1

Uniqueness

Uniqueness Score: -1.00%

Function 05621CCB Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2852984743.0000000005620000.00000040.00000800.00020000.00000000.sdmp, Offset: 05620000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_5620000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72035db374aefa5f97cf91890af36035affa35a7b3f53124042f259cdc3def1d
Instruction ID: fc7b0cf768d52291d73d35638303995f81a54f76eb71736521e0c10f9ba48437
Opcode Fuzzy Hash: 72035db374aefa5f97cf91890af36035affa35a7b3f53124042f259cdc3def1d
Instruction Fuzzy Hash: 97E0D8B294030067D3208E079C45F52FBDCDB84A31F04C567ED081BB41E176B51889E1

Uniqueness

Uniqueness Score: -1.00%

Function 0137AE3B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2851058184.000000000137A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0137A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_137a000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d12553ea8bb37df78d5a39d5e2cf7d11f5af072645cc71859f108c117a01da48
Instruction ID: 29e30c397f6c79f769f00ff5494212aba529b38719f586b08c27993fcbf30cae
Opcode Fuzzy Hash: d12553ea8bb37df78d5a39d5e2cf7d11f5af072645cc71859f108c117a01da48
Instruction Fuzzy Hash: FBE0D8B294020467D2208E079C45F52FB98DB44A31F04C557FE091B701E176B50489F1

Uniqueness

Uniqueness Score: -1.00%

Function 013623F4 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2850994289.0000000001362000.00000040.00000800.00020000.00000000.sdmp, Offset: 01362000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1362000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf7f78bd4fcc6288fdb48920b54f481eb413a9ea14d433beffbb234a4127893e
Instruction ID: 3710ae34dbcebbbf2d7bd1e48a371aab86412a2ba369ac540809c001d5f621e1
Opcode Fuzzy Hash: cf7f78bd4fcc6288fdb48920b54f481eb413a9ea14d433beffbb234a4127893e
Instruction Fuzzy Hash: 15D05E792056C14FE7179A1CC1A8BA63FE8AF55718F4B84F9A8008BB67CB68D585D600

Uniqueness

Uniqueness Score: -1.00%

Function 013623BC Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.2850994289.0000000001362000.00000040.00000800.00020000.00000000.sdmp, Offset: 01362000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1362000_xkzdRi6nGpg3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37ed65dc29493f34555542321c28f52a97fa63083cd99c855e1e46fb965e19aa
Instruction ID: 3b479683a3d1729830d604cb5434b67102e48c7d6f5edf2b348cda42d1513136
Opcode Fuzzy Hash: 37ed65dc29493f34555542321c28f52a97fa63083cd99c855e1e46fb965e19aa
Instruction Fuzzy Hash: 6AD05E342002814BEB19DB0CC2D4F5A3BD8AB44718F1684E9AC108B766C7A4D8C0DA00

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report xkzdRi6nGpg3.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Njrat

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\xkzdRi6nGpg3.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
xkzdRi6nGpg3.exe

Function 018619F0 Relevance: 12.6, Strings: 9, Instructions: 1396
COMMON

Function 018603F8 Relevance: 1.6, APIs: 1, Instructions: 104
COMMON

Function 0136B5DE Relevance: 1.6, APIs: 1, Instructions: 103
fileCOMMON

Function 018603E8 Relevance: 1.6, APIs: 1, Instructions: 102
COMMON

Function 055E1D7E Relevance: 1.6, APIs: 1, Instructions: 99
registryCOMMON

Function 0136BB4B Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Function 0136A7C7 Relevance: 1.6, APIs: 1, Instructions: 95
registryCOMMON

Function 055E099C Relevance: 1.6, APIs: 1, Instructions: 93
COMMON

Function 055E0894 Relevance: 1.6, APIs: 1, Instructions: 89
timeCOMMON

Function 055E0190 Relevance: 1.6, APIs: 1, Instructions: 89
COMMON

Function 0136A612 Relevance: 1.6, APIs: 1, Instructions: 89
synchronizationCOMMON

Function 055E1DAA Relevance: 1.6, APIs: 1, Instructions: 86
registryCOMMON