Edit tour

Windows Analysis Report
2XnMqJW0u1.exe

Overview

General Information

Sample name:	2XnMqJW0u1.exe renamed because original name is a hash value
Original sample name:	e57c95d15aa7d06d12bad49c0af668c72be26072649e956b35a2ef575fde0cc0.exe
Analysis ID:	1588152
MD5:	c184dc2506baf6db751eb377ed956d80
SHA1:	37dc77b864052992fc80b770a32df7f98ea7aa0c
SHA256:	e57c95d15aa7d06d12bad49c0af668c72be26072649e956b35a2ef575fde0cc0
Tags:	exeXWormuser-adrian__luca
Infos:

Detection

XWorm

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

Yara detected XWorm

AI detected suspicious sample

Binary is likely a compiled AutoIt script file

C2 URLs / IPs found in malware configuration

Connects to many ports of the same IP (likely port scanning)

Drops PE files to the startup folder

Drops VBS files to the startup folder

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Sigma detected: WScript or CScript Dropper

Switches to a custom stack to bypass stack traces

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Extensive use of GetProcAddress (often used to hide API calls)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

OS version to string mapping found (often used in BOTs)

One or more processes crash

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location

Sigma detected: Startup Folder File Write

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

2XnMqJW0u1.exe (PID: 6712 cmdline: "C:\Users\user\Desktop\2XnMqJW0u1.exe" MD5: C184DC2506BAF6DB751EB377ED956D80)

Esher.exe (PID: 7020 cmdline: "C:\Users\user\Desktop\2XnMqJW0u1.exe" MD5: C184DC2506BAF6DB751EB377ED956D80)

RegSvcs.exe (PID: 3536 cmdline: "C:\Users\user\Desktop\2XnMqJW0u1.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

WerFault.exe (PID: 4328 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 1964 MD5: C31336C1EFC2CCB44B4326EA793040F2)

wscript.exe (PID: 3172 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

Esher.exe (PID: 4828 cmdline: "C:\Users\user\AppData\Local\lustring\Esher.exe" MD5: C184DC2506BAF6DB751EB377ED956D80)

RegSvcs.exe (PID: 6104 cmdline: "C:\Users\user\AppData\Local\lustring\Esher.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 1780 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)

conhost.exe (PID: 5144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["87.120.120.15"], "Port": 31952, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V2.1"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x6dbe:$str02: ngrok 0x8b16:$str02: ngrok 0x8b60:$str02: ngrok 0x6b59:$str03: Mutexx 0x8c2a:$str04: FileManagerSplitFileManagerSplit 0x8b34:$str05: InstallngC 0x88d6:$str06: downloadedfile 0x88a8:$str07: creatfile 0x8884:$str08: creatnewfolder 0x8866:$str09: showfolderfile 0x8848:$str10: hidefolderfile 0x881a:$str11: txtttt 0x8d72:$str12: \root\SecurityCenter2 0x8cb0:$str13: [USB] 0x8c96:$str14: [Drive] 0x8c18:$str15: [Folder] 0x8b0c:$str16: HVNC 0x8236:$str17: http://exmple.com/Uploader.php 0x836c:$str18: XKlog.txt 0x8d9e:$str19: Select * from AntivirusProduct 0x8698:$str20: runnnnnn
00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x6dbe:$str02: ngrok 0x8b16:$str02: ngrok 0x8b60:$str02: ngrok 0x6b59:$str03: Mutexx 0x8c2a:$str04: FileManagerSplitFileManagerSplit 0x8b34:$str05: InstallngC 0x88d6:$str06: downloadedfile 0x88a8:$str07: creatfile 0x8884:$str08: creatnewfolder 0x8866:$str09: showfolderfile 0x8848:$str10: hidefolderfile 0x881a:$str11: txtttt 0x8d72:$str12: \root\SecurityCenter2 0x8cb0:$str13: [USB] 0x8c96:$str14: [Drive] 0x8c18:$str15: [Folder] 0x8b0c:$str16: HVNC 0x8236:$str17: http://exmple.com/Uploader.php 0x836c:$str18: XKlog.txt 0x8d9e:$str19: Select * from AntivirusProduct 0x8698:$str20: runnnnnn
00000009.00000002.2409044630.0000000000402000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: Esher.exe PID: 7020	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: Esher.exe PID: 4828	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: RegSvcs.exe PID: 6104	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
8.2.Esher.exe.2030000.1.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
8.2.Esher.exe.2030000.1.unpack	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x4fbe:$str02: ngrok 0x6d16:$str02: ngrok 0x6d60:$str02: ngrok 0x4d59:$str03: Mutexx 0x6e2a:$str04: FileManagerSplitFileManagerSplit 0x6d34:$str05: InstallngC 0x6ad6:$str06: downloadedfile 0x6aa8:$str07: creatfile 0x6a84:$str08: creatnewfolder 0x6a66:$str09: showfolderfile 0x6a48:$str10: hidefolderfile 0x6a1a:$str11: txtttt 0x6f72:$str12: \root\SecurityCenter2 0x6eb0:$str13: [USB] 0x6e96:$str14: [Drive] 0x6e18:$str15: [Folder] 0x6d0c:$str16: HVNC 0x6436:$str17: http://exmple.com/Uploader.php 0x656c:$str18: XKlog.txt 0x6f9e:$str19: Select * from AntivirusProduct 0x6898:$str20: runnnnnn
8.2.Esher.exe.2030000.1.raw.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
8.2.Esher.exe.2030000.1.raw.unpack	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x6dbe:$str02: ngrok 0x8b16:$str02: ngrok 0x8b60:$str02: ngrok 0x6b59:$str03: Mutexx 0x8c2a:$str04: FileManagerSplitFileManagerSplit 0x8b34:$str05: InstallngC 0x88d6:$str06: downloadedfile 0x88a8:$str07: creatfile 0x8884:$str08: creatnewfolder 0x8866:$str09: showfolderfile 0x8848:$str10: hidefolderfile 0x881a:$str11: txtttt 0x8d72:$str12: \root\SecurityCenter2 0x8cb0:$str13: [USB] 0x8c96:$str14: [Drive] 0x8c18:$str15: [Folder] 0x8b0c:$str16: HVNC 0x8236:$str17: http://exmple.com/Uploader.php 0x836c:$str18: XKlog.txt 0x8d9e:$str19: Select * from AntivirusProduct 0x8698:$str20: runnnnnn
2.2.Esher.exe.10e0000.1.raw.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
2.2.Esher.exe.10e0000.1.raw.unpack	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x6dbe:$str02: ngrok 0x8b16:$str02: ngrok 0x8b60:$str02: ngrok 0x6b59:$str03: Mutexx 0x8c2a:$str04: FileManagerSplitFileManagerSplit 0x8b34:$str05: InstallngC 0x88d6:$str06: downloadedfile 0x88a8:$str07: creatfile 0x8884:$str08: creatnewfolder 0x8866:$str09: showfolderfile 0x8848:$str10: hidefolderfile 0x881a:$str11: txtttt 0x8d72:$str12: \root\SecurityCenter2 0x8cb0:$str13: [USB] 0x8c96:$str14: [Drive] 0x8c18:$str15: [Folder] 0x8b0c:$str16: HVNC 0x8236:$str17: http://exmple.com/Uploader.php 0x836c:$str18: XKlog.txt 0x8d9e:$str19: Select * from AntivirusProduct 0x8698:$str20: runnnnnn
2.2.Esher.exe.10e0000.1.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
2.2.Esher.exe.10e0000.1.unpack	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x4fbe:$str02: ngrok 0x6d16:$str02: ngrok 0x6d60:$str02: ngrok 0x4d59:$str03: Mutexx 0x6e2a:$str04: FileManagerSplitFileManagerSplit 0x6d34:$str05: InstallngC 0x6ad6:$str06: downloadedfile 0x6aa8:$str07: creatfile 0x6a84:$str08: creatnewfolder 0x6a66:$str09: showfolderfile 0x6a48:$str10: hidefolderfile 0x6a1a:$str11: txtttt 0x6f72:$str12: \root\SecurityCenter2 0x6eb0:$str13: [USB] 0x6e96:$str14: [Drive] 0x6e18:$str15: [Folder] 0x6d0c:$str16: HVNC 0x6436:$str17: http://exmple.com/Uploader.php 0x656c:$str18: XKlog.txt 0x6f9e:$str19: Select * from AntivirusProduct 0x6898:$str20: runnnnnn
9.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
9.2.RegSvcs.exe.400000.0.unpack	rat_win_xworm_v2	Finds XWorm v2 samples based on characteristic strings	Sekoia.io	0x6dbe:$str02: ngrok 0x8b16:$str02: ngrok 0x8b60:$str02: ngrok 0x6b59:$str03: Mutexx 0x8c2a:$str04: FileManagerSplitFileManagerSplit 0x8b34:$str05: InstallngC 0x88d6:$str06: downloadedfile 0x88a8:$str07: creatfile 0x8884:$str08: creatnewfolder 0x8866:$str09: showfolderfile 0x8848:$str10: hidefolderfile 0x881a:$str11: txtttt 0x8d72:$str12: \root\SecurityCenter2 0x8cb0:$str13: [USB] 0x8c96:$str14: [Drive] 0x8c18:$str15: [Folder] 0x8b0c:$str16: HVNC 0x8236:$str17: http://exmple.com/Uploader.php 0x836c:$str18: XKlog.txt 0x8d9e:$str19: Select * from AntivirusProduct 0x8698:$str20: runnnnnn
Click to see the 5 entries

Sigma Signatures

System Summary

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" , ProcessId: 3172, ProcessName: wscript.exe

Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe" , CommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe, NewProcessName: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe, OriginalFileName: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe" , ProcessId: 1780, ProcessName: RegSvcs.exe

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ProcessId: 3536, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs" , ProcessId: 3172, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Local\lustring\Esher.exe, ProcessId: 7020, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs

Suricata Signatures

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-10T22:01:18.661977+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.766764+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.874257+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.983223+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.093507+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.201968+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.341405+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.476797+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.592676+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.702157+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.811371+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.920689+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.029950+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.139577+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:24.431761+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.579339+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.742340+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.965357+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.092527+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.202047+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.311306+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.421940+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.530196+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.641749+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.750098+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.858590+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:30.030184+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.139519+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.282302+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.429487+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.545530+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.655213+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.764458+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.873880+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.983230+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.092624+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.202208+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.311234+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.420530+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.529978+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:35.593146+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.701821+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.811285+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.920751+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.030052+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.139245+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.248765+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.358061+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.467550+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.577142+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.686391+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.795726+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.905100+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.014736+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.124051+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:41.249629+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.358667+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.467475+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.577012+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.686444+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.795659+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.905039+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.014376+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.124194+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.233638+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.379455+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.553194+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.745629+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:46.905847+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.014604+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.124152+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.288551+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.434860+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.547227+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.655349+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.764424+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.885637+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.998781+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.108087+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.217492+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.327272+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.436232+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:52.801339+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.906409+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.998947+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.092781+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.186332+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.280079+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.373913+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.467413+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.561427+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.655077+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.748816+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.842570+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.936215+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.029919+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.123755+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:58.218866+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.311354+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.389462+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.467612+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.546059+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.624054+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.702805+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.780238+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.858450+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.936998+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.014567+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.092583+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.170753+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.249679+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.326976+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.405189+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.483337+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.561455+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.639532+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.717559+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:02:03.842631+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.905260+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.967704+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.030184+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.092800+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.155366+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.217658+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.280326+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.342925+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.405037+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.468516+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.530447+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.592802+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.655120+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.717602+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.780171+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.843003+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.905505+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.967662+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.030018+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.092622+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.154967+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.217618+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.280060+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.342539+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:09.451943+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.498727+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.545649+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.592691+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.639514+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.686442+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.733168+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.780070+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.827017+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.873784+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.920974+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.967490+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.014352+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.061353+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.108182+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.155152+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.202324+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.249888+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.301256+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.344094+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.390573+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.436793+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.483237+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.531010+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.587059+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.641896+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.687580+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.733279+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.781203+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.873711+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.928335+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:11.016771+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:14.799787+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.842512+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.873682+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.905527+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.936163+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.967487+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.998631+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.030369+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.062393+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.092561+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.123591+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.154886+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.186394+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.217539+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.248904+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.280017+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.311192+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.342410+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.374443+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.405268+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.436308+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.467668+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.498886+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.530127+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.561419+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.592565+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.623600+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.655081+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.686440+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.717835+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.748884+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.780139+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.820028+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.858219+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.889594+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.920784+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.951949+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.983135+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.014450+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.053241+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.122192+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.155141+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.186848+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.217705+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.248922+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.279996+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.311330+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.342452+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.373626+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:19.675637+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.701955+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.733162+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.764317+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.795601+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.826993+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.858433+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.889695+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.922600+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.952565+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.983978+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.015248+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.045834+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.077029+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.108387+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.139513+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.170658+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.202350+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.233282+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.264600+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.295715+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.327070+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.358368+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.389733+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.420809+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.452026+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.483248+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.514544+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.550320+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.576785+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.608138+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.639389+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.670648+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.701686+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.717501+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.748787+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.780007+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.811269+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.842401+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.874568+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.905129+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.936378+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.967429+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.998523+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.014214+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.029894+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.045562+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.077025+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.092368+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.108102+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.123577+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.139377+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.155066+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.170668+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.186232+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.201829+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.217562+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.233100+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.249079+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:24.092435+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.108109+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.123730+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.139335+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.154862+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.170749+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.186104+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.201855+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.217292+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.233125+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.248559+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.264269+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.280083+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.295532+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.311195+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.326670+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.342586+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.364561+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.373654+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.389267+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.404830+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.420516+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.436068+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.451706+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.467347+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.482866+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.498962+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.514262+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.529765+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.545625+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.561373+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.576844+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.592343+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.608051+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.623605+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.639171+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.658381+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.670770+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.686419+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.701743+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.717435+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.733086+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.748954+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.767949+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.781321+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.796725+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.813580+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.827056+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.842529+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.858206+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.873519+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.889559+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.904796+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.920752+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.936770+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.952281+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.968436+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.060241+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.082163+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.094237+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.121411+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.305889+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.327064+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.342862+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.362601+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.376038+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.393242+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.420526+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.436135+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.451858+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.467390+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.482901+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.498542+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.514248+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.529784+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.545531+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.561350+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.576792+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.592295+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.607872+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.623667+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.639277+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.654920+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.670458+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.686096+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:28.140367+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.157107+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.173143+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.186332+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.202419+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.217426+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.233237+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.248682+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.264386+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.279989+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.295981+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.311274+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.326773+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.342328+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.358006+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.373550+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.389097+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.405088+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.420356+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.436354+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.452338+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.467614+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.483041+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.498714+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.514368+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.530013+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.545551+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.561130+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.576782+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.592515+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.608072+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.623691+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.639617+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.655180+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.670814+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.686428+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.702067+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.717499+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.733121+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.748627+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.764331+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.779899+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.795648+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.811119+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.826796+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.842575+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.858033+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.873529+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.889078+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.904893+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.920392+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.936224+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.952162+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.967363+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.983186+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.998819+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.014340+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.029830+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.045456+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.061240+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.077008+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.092420+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.108121+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.123561+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.139162+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.154837+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.170696+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.196091+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.201991+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.217471+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.232944+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.248451+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.264239+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.279981+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.295468+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.311149+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.326818+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.342554+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.363626+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.376394+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.389280+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.404826+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.420553+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.435995+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.451872+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.467305+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.483155+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.498857+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.514386+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.529976+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.545509+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.561123+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.576640+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.592731+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.608229+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.623619+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.639265+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.655007+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.670949+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.686210+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.701885+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.717447+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.733079+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:31.873828+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.889807+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.905497+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.920539+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.936240+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.951877+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.967351+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.983497+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.999040+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.014570+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.030083+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.045947+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.061356+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.077027+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.092504+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.108068+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.123663+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.139239+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.154841+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.170488+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.186089+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.201779+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.217731+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.233440+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.248756+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.264329+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.313627+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.327137+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.342622+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.363442+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.373597+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.389105+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.404886+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.420654+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.435992+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.451780+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.467299+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.482908+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.498471+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.514303+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.529687+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.545375+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.561322+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.576922+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.592485+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.608074+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.623717+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.639267+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.654973+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.670656+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.686221+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.701651+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.717213+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.732939+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.748640+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.764202+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.780013+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.795446+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.811143+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.826797+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.842424+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.858003+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.873592+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.889384+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.905060+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.920759+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.936140+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.951824+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.967825+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.983169+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.998937+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.014332+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.029872+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.045804+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.061106+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.076816+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.092458+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.108051+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.123638+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.139332+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.154974+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.170594+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.186162+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.201951+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.217578+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.233144+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.248691+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.264527+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.280184+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.295727+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.311354+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.326936+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.342693+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.364878+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.373582+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.389335+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.404851+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.420599+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.436281+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.451781+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.467549+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.482981+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.498874+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:35.358114+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.373666+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.389238+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.404953+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.420420+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.436132+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.451824+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.467435+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.482941+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.498626+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.514433+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.529969+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.545465+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.561183+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.576673+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.592421+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.607996+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.623853+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.639486+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.655052+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.670553+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.686247+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.701814+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.717554+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.733300+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.748553+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.764278+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.779918+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.795900+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.811108+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.826750+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.842486+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.858026+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.873729+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.889336+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.905150+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.920606+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.936203+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.952125+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.967496+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.983166+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.998716+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.014947+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.030317+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.045884+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.061428+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.076777+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.092458+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.107975+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.123544+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.139503+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.154891+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.170625+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.186138+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.201840+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.217317+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.232950+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.248542+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.264223+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.279871+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.295524+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.311004+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.326638+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.342434+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.362669+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.373593+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.389719+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.405063+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.420512+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.436061+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.451895+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.467384+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.483112+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.498693+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.514177+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.529951+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.545455+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.561247+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.583113+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.592330+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.608289+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.623742+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.639562+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.654810+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.670567+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.686304+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.701784+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.717663+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.733204+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.748767+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.764177+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.780029+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.795532+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.811067+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.826873+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.842344+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.858023+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.873558+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.889233+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:38.538727+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.585311+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.590237+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.597141+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.686266+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:40.091592+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:44.309139+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.342655+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.347695+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.405678+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.414806+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.431435+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.461063+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.486279+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.700907+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.023415+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.309746+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:49.912659+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:49.996999+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.182461+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.187487+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.202208+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.217555+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.229533+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.240454+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:51.086678+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:55.606474+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:56.406608+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:57.138801+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:03:01.240883+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.270448+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.275334+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.306487+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.316248+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.007224+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.691230+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.718663+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:06.850586+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.322502+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.466567+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:08.114443+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:16.490344+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.628269+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.792244+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:17.986516+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:22.099812+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:22.566503+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:27.709373+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:28.743935+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:29.139336+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:33.334262+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.369256+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.416120+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:38.949094+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50014	87.120.120.15	31952	TCP
2025-01-10T22:03:48.640117+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.652682+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.731674+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.740847+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.804115+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:54.266706+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.325263+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.339815+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:55.240342+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:59.929357+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.969550+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.974403+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:00.096946+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:03.947342+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:03.983419+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.224184+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.242501+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.287649+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:13.619175+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.776251+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.795257+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:19.279254+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.317247+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.353387+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.372545+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:27.338474+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.363671+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.436569+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.441552+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.563181+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.645803+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.680789+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.692957+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.703092+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.708137+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.752656+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.757816+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.762856+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.772686+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.975713+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.288237+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.298210+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.311270+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:36.978720+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:37.013566+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:46.653339+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.716633+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.721434+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.730381+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.737731+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.747493+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.867532+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.877229+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.885313+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.890165+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.911385+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.951202+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.985540+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.995443+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.005752+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.021710+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.066322+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.076543+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.190969+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.225877+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP

ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-10T22:01:18.661977+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.766764+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.874257+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.983223+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.093507+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.201968+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.341405+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.476797+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.592676+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.702157+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.811371+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.920689+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.029950+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.139577+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:24.431761+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.579339+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.742340+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.965357+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.092527+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.202047+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.311306+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.421940+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.530196+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.641749+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.750098+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.858590+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:30.030184+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.139519+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.282302+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.429487+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.545530+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.655213+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.764458+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.873880+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.983230+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.092624+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.202208+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.311234+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.420530+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.529978+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:35.593146+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.701821+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.811285+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.920751+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.030052+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.139245+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.248765+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.358061+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.467550+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.577142+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.686391+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.795726+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.905100+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.014736+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.124051+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:41.249629+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.358667+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.467475+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.577012+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.686444+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.795659+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.905039+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.014376+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.124194+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.233638+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.379455+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.553194+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.745629+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:46.905847+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.014604+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.124152+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.288551+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.434860+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.547227+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.655349+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.764424+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.885637+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.998781+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.108087+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.217492+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.327272+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.436232+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:52.801339+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.906409+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.998947+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.092781+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.186332+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.280079+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.373913+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.467413+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.561427+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.655077+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.748816+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.842570+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.936215+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.029919+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.123755+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:58.218866+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.311354+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.389462+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.467612+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.546059+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.624054+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.702805+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.780238+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.858450+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.936998+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.014567+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.092583+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.170753+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.249679+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.326976+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.405189+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.483337+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.561455+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.639532+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.717559+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:02:03.842631+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.905260+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.967704+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.030184+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.092800+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.155366+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.217658+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.280326+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.342925+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.405037+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.468516+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.530447+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.592802+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.655120+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.717602+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.780171+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.843003+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.905505+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.967662+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.030018+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.092622+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.154967+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.217618+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.280060+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.342539+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:09.451943+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.498727+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.545649+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.592691+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.639514+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.686442+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.733168+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.780070+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.827017+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.873784+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.920974+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.967490+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.014352+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.061353+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.108182+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.155152+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.202324+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.249888+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.301256+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.344094+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.390573+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.436793+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.483237+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.531010+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.587059+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.641896+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.687580+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.733279+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.781203+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.873711+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.928335+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:11.016771+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:14.799787+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.842512+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.873682+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.905527+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.936163+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.967487+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.998631+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.030369+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.062393+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.092561+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.123591+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.154886+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.186394+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.217539+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.248904+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.280017+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.311192+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.342410+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.374443+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.405268+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.436308+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.467668+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.498886+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.530127+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.561419+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.592565+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.623600+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.655081+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.686440+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.717835+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.748884+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.780139+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.820028+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.858219+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.889594+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.920784+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.951949+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.983135+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.014450+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.053241+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.122192+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.155141+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.186848+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.217705+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.248922+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.279996+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.311330+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.342452+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.373626+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:19.675637+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.701955+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.733162+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.764317+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.795601+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.826993+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.858433+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.889695+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.922600+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.952565+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.983978+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.015248+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.045834+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.077029+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.108387+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.139513+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.170658+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.202350+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.233282+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.264600+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.295715+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.327070+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.358368+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.389733+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.420809+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.452026+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.483248+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.514544+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.550320+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.576785+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.608138+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.639389+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.670648+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.701686+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.717501+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.748787+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.780007+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.811269+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.842401+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.874568+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.905129+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.936378+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.967429+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.998523+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.014214+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.029894+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.045562+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.077025+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.092368+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.108102+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.123577+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.139377+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.155066+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.170668+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.186232+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.201829+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.217562+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.233100+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.249079+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:24.092435+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.108109+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.123730+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.139335+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.154862+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.170749+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.186104+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.201855+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.217292+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.233125+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.248559+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.264269+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.280083+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.295532+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.311195+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.326670+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.342586+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.364561+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.373654+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.389267+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.404830+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.420516+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.436068+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.451706+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.467347+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.482866+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.498962+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.514262+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.529765+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.545625+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.561373+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.576844+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.592343+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.608051+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.623605+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.639171+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.658381+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.670770+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.686419+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.701743+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.717435+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.733086+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.748954+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.767949+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.781321+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.796725+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.813580+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.827056+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.842529+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.858206+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.873519+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.889559+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.904796+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.920752+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.936770+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.952281+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.968436+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.060241+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.082163+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.094237+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.121411+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.305889+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.327064+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.342862+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.362601+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.376038+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.393242+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.420526+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.436135+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.451858+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.467390+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.482901+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.498542+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.514248+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.529784+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.545531+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.561350+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.576792+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.592295+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.607872+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.623667+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.639277+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.654920+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.670458+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.686096+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:28.140367+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.157107+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.173143+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.186332+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.202419+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.217426+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.233237+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.248682+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.264386+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.279989+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.295981+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.311274+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.326773+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.342328+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.358006+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.373550+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.389097+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.405088+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.420356+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.436354+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.452338+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.467614+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.483041+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.498714+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.514368+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.530013+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.545551+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.561130+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.576782+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.592515+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.608072+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.623691+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.639617+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.655180+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.670814+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.686428+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.702067+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.717499+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.733121+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.748627+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.764331+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.779899+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.795648+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.811119+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.826796+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.842575+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.858033+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.873529+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.889078+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.904893+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.920392+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.936224+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.952162+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.967363+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.983186+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.998819+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.014340+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.029830+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.045456+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.061240+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.077008+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.092420+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.108121+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.123561+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.139162+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.154837+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.170696+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.196091+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.201991+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.217471+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.232944+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.248451+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.264239+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.279981+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.295468+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.311149+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.326818+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.342554+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.363626+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.376394+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.389280+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.404826+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.420553+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.435995+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.451872+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.467305+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.483155+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.498857+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.514386+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.529976+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.545509+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.561123+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.576640+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.592731+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.608229+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.623619+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.639265+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.655007+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.670949+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.686210+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.701885+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.717447+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.733079+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:31.873828+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.889807+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.905497+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.920539+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.936240+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.951877+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.967351+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.983497+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.999040+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.014570+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.030083+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.045947+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.061356+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.077027+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.092504+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.108068+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.123663+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.139239+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.154841+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.170488+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.186089+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.201779+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.217731+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.233440+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.248756+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.264329+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.313627+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.327137+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.342622+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.363442+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.373597+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.389105+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.404886+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.420654+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.435992+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.451780+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.467299+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.482908+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.498471+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.514303+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.529687+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.545375+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.561322+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.576922+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.592485+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.608074+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.623717+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.639267+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.654973+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.670656+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.686221+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.701651+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.717213+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.732939+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.748640+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.764202+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.780013+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.795446+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.811143+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.826797+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.842424+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.858003+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.873592+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.889384+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.905060+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.920759+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.936140+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.951824+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.967825+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.983169+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.998937+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.014332+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.029872+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.045804+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.061106+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.076816+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.092458+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.108051+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.123638+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.139332+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.154974+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.170594+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.186162+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.201951+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.217578+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.233144+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.248691+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.264527+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.280184+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.295727+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.311354+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.326936+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.342693+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.364878+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.373582+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.389335+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.404851+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.420599+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.436281+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.451781+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.467549+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.482981+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.498874+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:35.358114+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.373666+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.389238+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.404953+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.420420+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.436132+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.451824+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.467435+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.482941+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.498626+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.514433+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.529969+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.545465+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.561183+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.576673+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.592421+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.607996+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.623853+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.639486+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.655052+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.670553+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.686247+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.701814+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.717554+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.733300+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.748553+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.764278+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.779918+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.795900+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.811108+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.826750+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.842486+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.858026+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.873729+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.889336+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.905150+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.920606+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.936203+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.952125+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.967496+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.983166+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.998716+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.014947+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.030317+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.045884+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.061428+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.076777+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.092458+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.107975+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.123544+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.139503+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.154891+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.170625+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.186138+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.201840+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.217317+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.232950+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.248542+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.264223+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.279871+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.295524+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.311004+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.326638+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.342434+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.362669+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.373593+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.389719+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.405063+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.420512+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.436061+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.451895+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.467384+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.483112+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.498693+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.514177+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.529951+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.545455+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.561247+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.583113+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.592330+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.608289+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.623742+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.639562+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.654810+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.670567+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.686304+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.701784+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.717663+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.733204+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.748767+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.764177+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.780029+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.795532+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.811067+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.826873+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.842344+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.858023+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.873558+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.889233+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:38.538727+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.585311+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.590237+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.597141+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.686266+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:40.091592+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:44.309139+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.342655+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.347695+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.405678+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.414806+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.431435+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.461063+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.486279+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.700907+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.023415+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.309746+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:49.912659+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:49.996999+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.182461+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.187487+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.202208+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.217555+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.229533+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.240454+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:51.086678+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:55.606474+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:56.406608+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:57.138801+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:03:01.240883+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.270448+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.275334+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.306487+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.316248+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.007224+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.691230+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.718663+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:06.850586+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.322502+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.466567+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:08.114443+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:16.490344+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.628269+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.792244+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:17.986516+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:22.099812+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:22.566503+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:27.709373+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:28.743935+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:29.139336+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:33.334262+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.369256+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.416120+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:38.949094+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50014	87.120.120.15	31952	TCP
2025-01-10T22:03:48.640117+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.652682+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.731674+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.740847+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.804115+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:54.266706+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.325263+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.339815+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:55.240342+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:59.929357+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.969550+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.974403+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:00.096946+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:03.947342+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:03.983419+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.224184+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.242501+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.287649+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:13.619175+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.776251+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.795257+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:19.279254+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.317247+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.353387+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.372545+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:27.338474+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.363671+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.436569+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.441552+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.563181+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.645803+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.680789+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.692957+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.703092+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.708137+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.752656+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.757816+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.762856+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.772686+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.975713+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.288237+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.298210+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.311270+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:36.978720+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:37.013566+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:46.653339+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.716633+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.721434+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.730381+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.737731+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.747493+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.867532+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.877229+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.885313+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.890165+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.911385+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.951202+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.985540+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.995443+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.005752+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.021710+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.066322+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.076543+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.190969+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.225877+0100	2852873	1	Malware Command and Control Activity Detected	192.168.2.6	50051	87.120.120.15	31952	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000003.00000002.4481495089.0000000002951000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Xworm {"C2 url": ["87.120.120.15"], "Port": 31952, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V2.1"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\lustring\Esher.exe

ReversingLabs: Detection: 82%

Multi AV Scanner detection for submitted file

Source: 2XnMqJW0u1.exe

ReversingLabs: Detection: 82%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\lustring\Esher.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 2XnMqJW0u1.exe

Joe Sandbox ML: detected

Source: 2XnMqJW0u1.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: mscorlib.pdb1wr source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Xml.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: \??\C:\Windows\System.pdbi source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E77000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.pdbTe source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: ?8oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000A.00000000.2429284309.0000000000C52000.00000002.00000001.01000000.00000008.sdmp, RegSvcs.exe.3.dr
Source:	Binary string: wntdll.pdbUGP source: Esher.exe, 00000002.00000003.2244752002.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000002.00000003.2244063711.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2396511131.0000000004140000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2395453932.00000000042E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Esher.exe, 00000002.00000003.2244752002.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000002.00000003.2244063711.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2396511131.0000000004140000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2395453932.00000000042E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Windows.Forms.pdb.> source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbhl source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.pdb, source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000A.00000000.2429284309.0000000000C52000.00000002.00000001.01000000.00000008.sdmp, RegSvcs.exe.3.dr
Source:	Binary string: System.Configuration.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: .Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: RegSvcs.exe, 00000003.00000002.4480892253.0000000000C31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Xml.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Xml.pdb` source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.pdb source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E77000.00000004.00000020.00020000.00000000.sdmp, WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Core.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: %%.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: HP,o0C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: @8o.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E80000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4482033119.0000000004E74000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp, WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: mscorlib.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Core.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERD8BB.tmp.dmp.19.dr

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092445A GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0092445A
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092C6D1 FindFirstFileW,FindClose,	0_2_0092C6D1
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0092C75C
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0092EF95
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0092F0F2
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0092F3F3
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_009237EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_009237EF
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00923B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00923B12
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0092BCBC
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078445A GetFileAttributesW,FindFirstFileW,FindClose,	2_2_0078445A
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078C6D1 FindFirstFileW,FindClose,	2_2_0078C6D1
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	2_2_0078C75C
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_0078EF95
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_0078F0F2
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_0078F3F3
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007837EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_007837EF
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00783B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_00783B12
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_0078BCBC

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49767 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49808 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49843 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49843 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49879 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49879 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49808 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49767 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49918 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49918 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49956 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49956 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49988 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49988 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49989 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49989 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49994 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49994 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49992 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49996 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49992 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49999 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49999 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49996 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50002 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50000 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50002 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50003 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50000 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50003 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50006 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49998 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49998 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50006 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50008 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50008 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50010 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50010 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49991 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49991 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50012 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50012 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50013 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50013 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50018 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50018 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50020 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50020 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50022 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50022 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:49995 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49995 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50024 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50024 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50030 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50030 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50035 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50035 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50042 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50042 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50051 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50051 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50011 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50011 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50028 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50028 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50004 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50004 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50014 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50014 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.6:50005 -> 87.120.120.15:31952
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:50005 -> 87.120.120.15:31952

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 87.120.120.15

Connects to many ports of the same IP (likely port scanning)

Source: global traffic

TCP traffic: 87.120.120.15 ports 1,2,3,5,9,31952

Source: global traffic

TCP traffic: 192.168.2.6:49767 -> 87.120.120.15:31952

Source: Joe Sandbox View

ASN Name: UNACS-AS-BG8000BurgasBG UNACS-AS-BG8000BurgasBG

Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15
Source: unknown	TCP traffic detected without corresponding DNS query: 87.120.120.15

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_009322EE InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

0_2_009322EE

Source: Esher.exe, 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4481495089.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Esher.exe, 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2415325084.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2409044630.0000000000402000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://exmple.com/Uploader.php
Source: RegSvcs.exe, 00000003.00000002.4481495089.0000000002951000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.19.dr	String found in binary or memory: http://upx.sf.net

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00934164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

0_2_00934164

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00934164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,		0_2_00934164
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00794164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,		2_2_00794164

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00933F66 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

0_2_00933F66

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0092001C GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

0_2_0092001C

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0094CABC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,		0_2_0094CABC
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007ACABC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,		2_2_007ACABC

System Summary

Malicious sample detected (through community Yara rule)

Source: 8.2.Esher.exe.2030000.1.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
Source: 8.2.Esher.exe.2030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
Source: 2.2.Esher.exe.10e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
Source: 2.2.Esher.exe.10e0000.1.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
Source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
Source: 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io
Source: 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Finds XWorm v2 samples based on characteristic strings Author: Sekoia.io

Binary is likely a compiled AutoIt script file

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: This is a third-party compiled AutoIt script.	0_2_008C3B3A
Source: 2XnMqJW0u1.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: 2XnMqJW0u1.exe, 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_833bd9d4-5
Source: 2XnMqJW0u1.exe, 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_25bb2be3-0
Source: 2XnMqJW0u1.exe, 00000000.00000003.2210618125.0000000003C03000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_2ad44d34-d
Source: 2XnMqJW0u1.exe, 00000000.00000003.2210618125.0000000003C03000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_8a23236b-3
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: This is a third-party compiled AutoIt script.	2_2_00723B3A
Source: Esher.exe	String found in binary or memory: This is a third-party compiled AutoIt script.
Source: Esher.exe, 00000002.00000000.2210905410.00000000007D4000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_0568c4c0-e
Source: Esher.exe, 00000002.00000000.2210905410.00000000007D4000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_cdaf4a5d-5
Source: Esher.exe, 00000008.00000000.2356195433.00000000007D4000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_e4a5e0b9-0
Source: Esher.exe, 00000008.00000000.2356195433.00000000007D4000.00000002.00000001.01000000.00000004.sdmp	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_9754377a-8
Source: 2XnMqJW0u1.exe	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_f19aca85-b
Source: 2XnMqJW0u1.exe	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_ca1b9b18-9
Source: Esher.exe.0.dr	String found in binary or memory: This is a third-party compiled AutoIt script.	memstr_d9532482-e
Source: Esher.exe.0.dr	String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox\|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer`	memstr_d3bcefa9-9

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0092A1EF: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,

0_2_0092A1EF

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00918310 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

0_2_00918310

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_009251BD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,		0_2_009251BD
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007851BD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,		2_2_007851BD

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008CE6A0	0_2_008CE6A0
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008ED975	0_2_008ED975
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008CFCE0	0_2_008CFCE0
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E21C5	0_2_008E21C5
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008F62D2	0_2_008F62D2
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_009403DA	0_2_009403DA
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008F242E	0_2_008F242E
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E25FA	0_2_008E25FA
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D66E1	0_2_008D66E1
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0091E616	0_2_0091E616
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008F878F	0_2_008F878F
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00928889	0_2_00928889
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D8808	0_2_008D8808
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00940857	0_2_00940857
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008F6844	0_2_008F6844
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008ECB21	0_2_008ECB21
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008F6DB6	0_2_008F6DB6
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D6F9E	0_2_008D6F9E
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D3030	0_2_008D3030
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E3187	0_2_008E3187
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008EF1D9	0_2_008EF1D9
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008C1287	0_2_008C1287
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E1484	0_2_008E1484
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D5520	0_2_008D5520
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E7696	0_2_008E7696
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D5760	0_2_008D5760
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E1978	0_2_008E1978
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008F9AB5	0_2_008F9AB5
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E1D90	0_2_008E1D90
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008EBDA6	0_2_008EBDA6
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00947DDB	0_2_00947DDB
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008D3FE0	0_2_008D3FE0
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008CDF00	0_2_008CDF00
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_013E72C0	0_2_013E72C0
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0072E6A0	2_2_0072E6A0
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0074D975	2_2_0074D975
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0072FCE0	2_2_0072FCE0
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007421C5	2_2_007421C5
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007562D2	2_2_007562D2
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007A03DA	2_2_007A03DA
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0075242E	2_2_0075242E
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007425FA	2_2_007425FA
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0077E616	2_2_0077E616
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007366E1	2_2_007366E1
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0075878F	2_2_0075878F
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007A0857	2_2_007A0857
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00756844	2_2_00756844
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00738808	2_2_00738808
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00788889	2_2_00788889
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0074CB21	2_2_0074CB21
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00756DB6	2_2_00756DB6
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00736F9E	2_2_00736F9E
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00733030	2_2_00733030
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0074F1D9	2_2_0074F1D9
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00743187	2_2_00743187
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00721287	2_2_00721287
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00741484	2_2_00741484
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00735520	2_2_00735520
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00747696	2_2_00747696
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00735760	2_2_00735760
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00741978	2_2_00741978
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00759AB5	2_2_00759AB5
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007A7DDB	2_2_007A7DDB
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0074BDA6	2_2_0074BDA6
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00741D90	2_2_00741D90
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0072DF00	2_2_0072DF00
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00733FE0	2_2_00733FE0
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_015F8128	2_2_015F8128

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: String function: 008E0AE3 appears 70 times
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: String function: 008C7DE1 appears 35 times
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: String function: 008E8900 appears 42 times
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: String function: 00748900 appears 42 times
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: String function: 00727DE1 appears 36 times
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: String function: 00740AE3 appears 70 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 1964

Source: 2XnMqJW0u1.exe

Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: 8.2.Esher.exe.2030000.1.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
Source: 8.2.Esher.exe.2030000.1.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
Source: 2.2.Esher.exe.10e0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
Source: 2.2.Esher.exe.10e0000.1.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
Source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
Source: 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8
Source: 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: rat_win_xworm_v2 author = Sekoia.io, description = Finds XWorm v2 samples based on characteristic strings, creation_date = 2022-11-07, classification = TLP:CLEAR, version = 1.0, reference = https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/, id = 6cf06f52-0337-415d-8f29-f63d67e228f8

Source: classification engine

Classification label: mal100.troj.adwa.expl.evad.winEXE@13/14@0/1

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0092A06A GetLastError,FormatMessageW,

0_2_0092A06A

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_009181CB AdjustTokenPrivileges,CloseHandle,	0_2_009181CB
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_009187E1 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,	0_2_009187E1
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007781CB AdjustTokenPrivileges,CloseHandle,	2_2_007781CB
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007787E1 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,	2_2_007787E1

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0092B3FB SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

0_2_0092B3FB

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0093EE0D CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,

0_2_0093EE0D

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0092C397 CoInitialize,CoCreateInstance,CoUninitialize,

0_2_0092C397

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C4E89 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,

0_2_008C4E89

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

File created: C:\Users\user\AppData\Local\lustring

Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5144:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3536
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\dKUknpjo9tF1uRbX

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

File created: C:\Users\user\AppData\Local\Temp\aut6222.tmp

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs"

Source: 2XnMqJW0u1.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2XnMqJW0u1.exe

ReversingLabs: Detection: 82%

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

File read: C:\Users\user\Desktop\2XnMqJW0u1.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\2XnMqJW0u1.exe "C:\Users\user\Desktop\2XnMqJW0u1.exe"
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Process created: C:\Users\user\AppData\Local\lustring\Esher.exe "C:\Users\user\Desktop\2XnMqJW0u1.exe"
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\2XnMqJW0u1.exe"
Source: unknown	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\lustring\Esher.exe "C:\Users\user\AppData\Local\lustring\Esher.exe"
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\lustring\Esher.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 1964
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Process created: C:\Users\user\AppData\Local\lustring\Esher.exe "C:\Users\user\Desktop\2XnMqJW0u1.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\2XnMqJW0u1.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\lustring\Esher.exe "C:\Users\user\AppData\Local\lustring\Esher.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\lustring\Esher.exe"	Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: wldp.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: 2XnMqJW0u1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 2XnMqJW0u1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 2XnMqJW0u1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 2XnMqJW0u1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 2XnMqJW0u1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 2XnMqJW0u1.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: 2XnMqJW0u1.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mscorlib.pdb1wr source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Xml.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: \??\C:\Windows\System.pdbi source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E77000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.pdbTe source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: ?8oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: RegSvcs.pdb, source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000A.00000000.2429284309.0000000000C52000.00000002.00000001.01000000.00000008.sdmp, RegSvcs.exe.3.dr
Source:	Binary string: wntdll.pdbUGP source: Esher.exe, 00000002.00000003.2244752002.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000002.00000003.2244063711.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2396511131.0000000004140000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2395453932.00000000042E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Esher.exe, 00000002.00000003.2244752002.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000002.00000003.2244063711.0000000003A60000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2396511131.0000000004140000.00000004.00001000.00020000.00000000.sdmp, Esher.exe, 00000008.00000003.2395453932.00000000042E0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Windows.Forms.pdb.> source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbhl source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.pdb, source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: RegSvcs.pdb source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 0000000A.00000000.2429284309.0000000000C52000.00000002.00000001.01000000.00000008.sdmp, RegSvcs.exe.3.dr
Source:	Binary string: System.Configuration.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: .Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: RegSvcs.exe, 00000003.00000002.4480892253.0000000000C31000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Xml.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Xml.pdb` source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.pdb source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E77000.00000004.00000020.00020000.00000000.sdmp, WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Core.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: %%.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: HP,o0C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: @8o.pdb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E80000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4482033119.0000000004E74000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp, WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: mscorlib.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Management.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Core.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: symbols\dll\mscorlib.pdbLb source: RegSvcs.exe, 00000003.00000002.4483551143.0000000006A5A000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.ni.pdb source: WERD8BB.tmp.dmp.19.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WERD8BB.tmp.dmp.19.dr

Source: 2XnMqJW0u1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 2XnMqJW0u1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 2XnMqJW0u1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 2XnMqJW0u1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 2XnMqJW0u1.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C4B37 LoadLibraryA,GetProcAddress,

0_2_008C4B37

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008E8945 push ecx; ret	0_2_008E8958
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0072C4C7 push A30072BAh; retn 0072h	2_2_0072C50D
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00748945 push ecx; ret	2_2_00748958

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	File created: C:\Users\user\AppData\Local\lustring\Esher.exe			Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe			Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe

Jump to dropped file

Drops VBS files to the startup folder

Source: C:\Users\user\AppData\Local\lustring\Esher.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs

Jump to dropped file

Source: C:\Users\user\AppData\Local\lustring\Esher.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs

Jump to behavior

Source: C:\Users\user\AppData\Local\lustring\Esher.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe			Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008C48D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,	0_2_008C48D7
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00945376 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,	0_2_00945376
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007248D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,	2_2_007248D7
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007A5376 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,	2_2_007A5376

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008E3187 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_008E3187

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\lustring\Esher.exe	API/Special instruction interceptor: Address: 15F7D4C
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	API/Special instruction interceptor: Address: 1A0B97C

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 1814			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Window / User API: threadDelayed 8098			Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_0-105818

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	API coverage: 4.6 %
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	API coverage: 4.8 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092445A GetFileAttributesW,FindFirstFileW,FindClose,	0_2_0092445A
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092C6D1 FindFirstFileW,FindClose,	0_2_0092C6D1
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	0_2_0092C75C
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0092EF95
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	0_2_0092F0F2
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0092F3F3
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_009237EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_009237EF
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00923B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	0_2_00923B12
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_0092BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	0_2_0092BCBC
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078445A GetFileAttributesW,FindFirstFileW,FindClose,	2_2_0078445A
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078C6D1 FindFirstFileW,FindClose,	2_2_0078C6D1
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	2_2_0078C75C
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_0078EF95
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	2_2_0078F0F2
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_0078F3F3
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_007837EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_007837EF
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00783B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	2_2_00783B12
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0078BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	2_2_0078BCBC

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C49A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_008C49A0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Source: Amcache.hve.19.dr	Binary or memory string: VMware
Source: Amcache.hve.19.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.19.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.19.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.19.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.19.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.19.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.19.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.19.dr	Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
Source: wscript.exe, 00000007.00000002.2361843947.000001B6D2E94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: r&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{5d-0,
Source: Amcache.hve.19.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: RegSvcs.exe, 00000003.00000002.4480892253.0000000000C31000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
Source: Amcache.hve.19.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.19.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.19.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.19.dr	Binary or memory string: vmci.sys
Source: wscript.exe, 00000007.00000002.2361843947.000001B6D2E94000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.19.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.19.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.19.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.19.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.19.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.19.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.19.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.19.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.19.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.19.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.19.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.19.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.19.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.19.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.19.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00933F09 BlockInput,

0_2_00933F09

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C3B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_008C3B3A

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008F5A7C EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_008F5A7C

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C4B37 LoadLibraryA,GetProcAddress,

0_2_008C4B37

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_013E7150 mov eax, dword ptr fs:[00000030h]	0_2_013E7150
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_013E71B0 mov eax, dword ptr fs:[00000030h]	0_2_013E71B0
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_013E5B30 mov eax, dword ptr fs:[00000030h]	0_2_013E5B30
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_015F8018 mov eax, dword ptr fs:[00000030h]	2_2_015F8018
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_015F6998 mov eax, dword ptr fs:[00000030h]	2_2_015F6998
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_015F7FB8 mov eax, dword ptr fs:[00000030h]	2_2_015F7FB8

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_009180A9 GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation,

0_2_009180A9

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008EA124 SetUnhandledExceptionFilter,	0_2_008EA124
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_008EA155 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_008EA155
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0074A155 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0074A155
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_0074A124 SetUnhandledExceptionFilter,	2_2_0074A124

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write			Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 72B008			Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: C4E008			Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_009187B1 LogonUserW,

0_2_009187B1

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C3B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

0_2_008C3B3A

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C48D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,

0_2_008C48D7

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00924C27 mouse_event,

0_2_00924C27

Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\2XnMqJW0u1.exe"	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\lustring\Esher.exe "C:\Users\user\AppData\Local\lustring\Esher.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\AppData\Local\lustring\Esher.exe"	Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00917CAF GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

0_2_00917CAF

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_0091874B AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

0_2_0091874B

Source: 2XnMqJW0u1.exe, Esher.exe.0.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: 2XnMqJW0u1.exe, Esher.exe	Binary or memory string: Shell_TrayWnd

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008E862B cpuid

0_2_008E862B

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008F4E87 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_008F4E87

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_00901E06 GetUserNameW,

0_2_00901E06

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008F3F3A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

0_2_008F3F3A

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Code function: 0_2_008C49A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

0_2_008C49A0

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.19.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.19.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.19.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.19.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: RegSvcs.exe, 00000003.00000002.4482033119.0000000004E80000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4482033119.0000000004EB2000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4482033119.0000000004E48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.19.dr	Binary or memory string: MsMpEng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 8.2.Esher.exe.2030000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.Esher.exe.2030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Esher.exe.10e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Esher.exe.10e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2409044630.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Esher.exe PID: 7020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Esher.exe PID: 4828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6104, type: MEMORYSTR

Source: Esher.exe	Binary or memory string: WIN_81
Source: Esher.exe	Binary or memory string: WIN_XP
Source: Esher.exe	Binary or memory string: WIN_XPe
Source: Esher.exe	Binary or memory string: WIN_VISTA
Source: Esher.exe	Binary or memory string: WIN_7
Source: Esher.exe	Binary or memory string: WIN_8
Source: Esher.exe.0.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 8.2.Esher.exe.2030000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.Esher.exe.2030000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Esher.exe.10e0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.Esher.exe.10e0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2409044630.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Esher.exe PID: 7020, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Esher.exe PID: 4828, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6104, type: MEMORYSTR

Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00936283 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,	0_2_00936283
Source: C:\Users\user\Desktop\2XnMqJW0u1.exe	Code function: 0_2_00936747 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,	0_2_00936747
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00796283 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,	2_2_00796283
Source: C:\Users\user\AppData\Local\lustring\Esher.exe	Code function: 2_2_00796747 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,	2_2_00796747

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	2 Valid Accounts	1 Windows Management Instrumentation	111 Scripting	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	21 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	21 Input Capture	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	2 Valid Accounts	2 Valid Accounts	2 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	3 Clipboard Data	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	12 Registry Run Keys / Startup Folder	21 Access Token Manipulation	1 DLL Side-Loading	NTDS	127 System Information Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	212 Process Injection	1 Masquerading	LSA Secrets	251 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	12 Registry Run Keys / Startup Folder	2 Valid Accounts	Cached Domain Credentials	11 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Virtualization/Sandbox Evasion	DCSync	2 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Access Token Manipulation	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	212 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
2XnMqJW0u1.exe	83%	ReversingLabs	Win32.Trojan.AutoitInject
2XnMqJW0u1.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\lustring\Esher.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\lustring\Esher.exe	83%	ReversingLabs	Win32.Trojan.AutoitInject
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
87.120.120.15	0%	Avira URL Cloud	safe
http://exmple.com/Uploader.php	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
87.120.120.15	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://exmple.com/Uploader.php	Esher.exe, 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000003.00000002.4481495089.0000000002951000.00000004.00000800.00020000.00000000.sdmp, Esher.exe, 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2415325084.0000000002D41000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000009.00000002.2409044630.0000000000402000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.19.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegSvcs.exe, 00000003.00000002.4481495089.0000000002951000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
87.120.120.15	unknown	Bulgaria		25206	UNACS-AS-BG8000BurgasBG	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1588152
Start date and time:	2025-01-10 22:00:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 40s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2XnMqJW0u1.exe renamed because original name is a hash value
Original Sample Name:	e57c95d15aa7d06d12bad49c0af668c72be26072649e956b35a2ef575fde0cc0.exe
Detection:	MAL
Classification:	mal100.troj.adwa.expl.evad.winEXE@13/14@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 55 Number of non-executed functions: 276
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.73.29, 13.107.246.45, 20.109.210.53, 4.245.163.56, 20.190.159.71
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: 2XnMqJW0u1.exe

Simulations

Behavior and APIs

Time	Type	Description
16:01:13	API Interceptor	5382875x Sleep call for process: RegSvcs.exe modified
16:04:55	API Interceptor	1x Sleep call for process: WerFault.exe modified
22:01:14	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs
22:01:22	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
87.120.120.15	QwMcsmYcxv.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse
87.120.120.15	QwMcsmYcxv.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNACS-AS-BG8000BurgasBG	VmoLw6EKj5.exe	Get hash	malicious	RedLine	Browse	87.120.120.86
	QwMcsmYcxv.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	87.120.120.15
	QwMcsmYcxv.exe	Get hash	malicious	AsyncRAT, VenomRAT	Browse	87.120.120.15
	Xf3rn1smZw.exe	Get hash	malicious	RedLine	Browse	87.120.120.86
	wqSmINeWgm.exe	Get hash	malicious	RedLine	Browse	87.120.120.7
	2eRd5imEKU.exe	Get hash	malicious	RedLine	Browse	87.120.120.86
	2eRd5imEKU.exe	Get hash	malicious	RedLine	Browse	87.120.120.86
	17364916859ea2c227941e63335bcf02a749f58a3f6d7a5fc5312d32a2ea1c4a4cc26022a4160.dat-decoded.exe	Get hash	malicious	XWorm	Browse	87.120.116.179
	Material Requirments.pif.exe	Get hash	malicious	Remcos, PureLog Stealer	Browse	87.120.116.245
	Material requirements_1.pif.exe	Get hash	malicious	Remcos	Browse	87.120.116.245

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe	B8FnDUj8hy.exe	Get hash	malicious	AgentTesla	Browse
	yjOJ1YK5M3.exe	Get hash	malicious	AsyncRAT	Browse
	PO.exe	Get hash	malicious	DarkCloud	Browse
	Statement 2024-11-29 (K07234).exe	Get hash	malicious	AgentTesla	Browse
	PO54782322024.exe	Get hash	malicious	AgentTesla	Browse
	m30zZYga23.exe	Get hash	malicious	AgentTesla	Browse
	RFQ.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse
	AWB#150332.exe	Get hash	malicious	AgentTesla	Browse
	SOA_9828392091.exe	Get hash	malicious	AgentTesla	Browse
	ngPebbPhbp.exe	Get hash	malicious	RHADAMANTHYS	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegSvcs.exe_a666021dc984861fc71dcf4d0549ad4bc6d7789_380355b3_169fe224-055a-41bf-bfbe-70fe38e4fde3\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1770241796076926
Encrypted:	false
SSDEEP:	192:ERJpk8QNme0BU/SaiJFHJEmzuiFBZ24IO8a8:OJ7QNsBU/SayTdzuiFBY4IO8a8
MD5:	AE22E57BEB4B284F83DE352F767696B2
SHA1:	0DD45F58B47C6D8979F9C5C283023888A3678A40
SHA-256:	5E12058007D3DDED5B60BD70AE7678907F28BDFDF1603DA8941A586395FD1E19
SHA-512:	A86334A6C8FD0A2BFE2AAAC9878702D994C850C1D9F6D84857853DE70005872FA41899897948E9CE6AB63561FF4A3BD717343815832E5BC37C817E3818B18DF6
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.1.0.1.6.6.9.2.9.0.5.3.1.3.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.1.0.1.6.6.9.3.6.2.4.0.6.9.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.6.9.f.e.2.2.4.-.0.5.5.a.-.4.1.b.f.-.b.f.b.e.-.7.0.f.e.3.8.e.4.f.d.e.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.3.7.8.e.5.f.5.-.8.8.1.8.-.4.b.f.e.-.9.2.f.2.-.3.c.e.2.d.a.0.8.b.c.5.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.R.e.g.S.v.c.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.e.g.S.v.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.d.d.0.-.0.0.0.1.-.0.0.1.5.-.b.4.6.6.-.b.8.c.7.a.2.6.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.1.9.6.9.7.7.1.b.2.f.0.2.2.f.9.a.8.6.d.7.7.a.c.4.d.4.d.2.3.9.b.e.c.d.f.0.8.d.0.7.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8BB.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Jan 10 21:04:53 2025, 0x1205a4 type
Category:	dropped
Size (bytes):	412669
Entropy (8bit):	3.647486076253766
Encrypted:	false
SSDEEP:	3072:A+qDfBzlHi0zYORPusHCtSy5pY0NE4uEqo5sk2jkBG73s+gLTg30Az:A+qDfdlHp06jHCtSy5ptO4VjTgE+
MD5:	995976A97885EC6094064BE62FBEAC21
SHA1:	42F32DA3667B6EABF730B4CABE2B7E565E17859C
SHA-256:	71A1C0170FC4AE7357FE730F4783B341AED9EA85B2F9ABD5A936F5B8D4863028
SHA-512:	5A0F64CD06E31F1EBF1CDFC66A88319D512279AF592518E3101D269C79C53F16FEB08E87186BC891CB93C21D4E24445EAEA9D56305D212973F5728ACA2530C97
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .......u..g....................................$....'.......;...m..........`.......8...........T............I...............'...........)..............................................................................eJ......4*......GenuineIntel............T..............g....\........................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAC0.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8374
Entropy (8bit):	3.6949937478180104
Encrypted:	false
SSDEEP:	192:R6l7wVeJnT6Kmv7T6YPf6agmfZnnprY89bWUsfuiSm:R6lXJT6lv7T6Yn6agmf5/WHfue
MD5:	C8E1275C40D42BC02A964AE8BD1EA429
SHA1:	B54B881EBB234DD94F5AF1C964F46AD78C0A3D90
SHA-256:	5BDDE50D47EC7FF990128CCAF60E8DDB3CB3E4C29D9D4AC458EF04F6632845BF
SHA-512:	E78641FAF3428A14E01C2D5C270212131288D3D9F151A149CE43EF0C1B7AEA7F2F76E07A8463F3703293E9F5CA0A4E8D602E4672FFB50F70AABC140231E4B2C3
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.5.3.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAEF.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4748
Entropy (8bit):	4.464102054114146
Encrypted:	false
SSDEEP:	48:cvIwWl8zszJg77aI9RxtCWpW8VYHYm8M4JUQFj+q8vTeEumDIld:uIjfNI7LxtD7VLJVKiFmDIld
MD5:	97F9D09EC4BF03CB9FFB06D67BFB63E7
SHA1:	05FD708E58C6C168D415EB9200281B8624AE4675
SHA-256:	C9A6AA7FBCEA1F700F6CA6B0E18D59875E274C337AFE98D53808B82667FCD9D6
SHA-512:	E1252ADD8EF040AF278F8FA9C431F2DF4C00DD5ED276492AB0C73C305EC0BEBF9ED8F6042BA8D067349C36B98B477C7A1E6BBD448B28B10F605D28531D5D99A4
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="670327" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.356499146491567
Encrypted:	false
SSDEEP:	12:Q3La/hhkvoDLI4MWuCqDLI4MWuPTAt92n4M6:MLUE4K5E4Ke84j
MD5:	A76B6F2687EBB8D1431673D0F7DE1F23
SHA1:	99543B236437FC7CE320E06063ADF88EDE56D48F
SHA-256:	A7B92434B657CB09F8CCC96911EA43F06DF4FE8873F3CE9CCA567753C96146FE
SHA-512:	D61C66EC36431337897D8CB14676E574237AC3F0FC7621D09D2B1179455C6DEF5396D7130011F0D1B7961688D72350F769BD67088847AEB980FAB7A20F0E4613
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Local\Temp\Allene

Download File

Process:	C:\Users\user\Desktop\2XnMqJW0u1.exe
File Type:	data
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	6.754387562045656
Encrypted:	false
SSDEEP:	768:GU/bTy0ivUJ14qlaw/Hv3R7XX/Qa86jbOYmg6U5ZWSSectjZxS1rGrrD:GU/vyj2TdHv3R7XPJnOfgDwHBpZxSNCf
MD5:	74F38115E57845CCDDC6EF0E818727B2
SHA1:	959D604309691C50A2C8933249B4F408A7DC46C5
SHA-256:	2628D26F119028795D3D1D4CFB42DF56AB1546D81B041396481F7558CD6B13DB
SHA-512:	2A7D287E4D1CCAA5623F21719793DE6B0A7A07CEE52A6F3C9F30DEF092495B6DDB2A0716D89961DA514B444A9211276FCED1E8297E4513DC8674FAABE7C78124
Malicious:	false
Preview:	.k.Z3MUFPEXG..H1.Z0MUFTE.GSOH1NZ0MUFTEXGSOH1NZ0MUFTEXGSOH1NZ.MUFZZ.IS.A.o.1..g.-14s?:^)(Q u%5+6('oTn(E#u/:e...o%^?.@XLpEXGSOH1..0M.GWE...(H1NZ0MUF.EZFXNC1N.0MUNTEXGSO..NZ0mUFT.XGSO.1Nz0MUDTE\GSOH1NZ4MUFTEXGSOI1NX0MUFTEZG..H1^Z0]UFTEHGS_H1NZ0MEFTEXGSOH1NZX.UF.EXGS.H1.^0MUFTEXGSOH1NZ0MUFT.XG_OH1NZ0MUFTEXGSOH1NZ0MUFTEXGSOH1NZ0MUFTEXGSOH1NZ0MUFTeXG[OH1NZ0MUFTEPgSO.1NZ0MUFTEXG};-I:Z0M..TEXgSOH.NZ0OUFTEXGSOH1NZ0MuFT%v5 =+1NZ.IUFT.XGSIH1N.0MUFTEXGSOH1NZpMU.z7=+<,H1BZ0MU.TEXESOH.NZ0MUFTEXGSOH1.Z0.UFTEXGSOH1NZ0MUF..XGSOH1.Z0MWFQE.7SO.uNZ1MUF@EXASOH1NZ0MUFTEXGSOH1NZ0MUFTEXGSOH1NZ0MUFTEXGSOH1NZ.O}GTERmMM`5NZ:g.5REXM.NH1J)7MUL.GXGW<@1NP.NUFP6QGSE.5NZ4gUFGuYG\OH1OZ0\+GTE\(YOH;Dq0K.FGuYG\OH1LZ0\+DTE\(XOH;Dq0K.FGuYG\OH1MZ0\+ETE\(_OH;Dq0K.FGuYG\OH1JZ0\+BTE\(^OH;Dq0K.FGuZGBOH1KZ0\WE\|TXGYgZ1NP:fU@~EXG@.I1EZ0MSFTTZo@OH;Dq0K.FGuYG\OH1IZ0\.CTEZoGOH;Dq0K.FGuYGXOH1FZ0\WnAEXMYdH7dZ#}TFLEXGZOH L.1MU]yOpFSOc;e\.IWL.E^m@.J1^Z0M_FTT[US.]3NZ+K.DTECmMM`&NZ:gFvUExGSOC1NKNTUF^.[GSTe;fX0M~.MEXM-VH1DP.MSlJGpPSOB.]j1M

C:\Users\user\AppData\Local\Temp\aut6222.tmp

Download File

Process:	C:\Users\user\Desktop\2XnMqJW0u1.exe
File Type:	data
Category:	dropped
Size (bytes):	30248
Entropy (8bit):	7.8690924603477335
Encrypted:	false
SSDEEP:	768:BwsnbN+W5pHt/I1WOv0YB3Fnc/GSaLLidwUD4DlhzpGrV7:BwsnbAWfNA1zMqFnchLdMzpGrV7
MD5:	6E3B8B2D0D553136D0E236D22FAE481C
SHA1:	B36F21780A984E737ABB1AE47DF63265689C8053
SHA-256:	B38F85C37889CABDAFF2E97F31E8487A65B4AA6AF83678425FFEF06B9634567C
SHA-512:	CD1047D51F984F1B9323B2F2356079D1D1811EED9F9875F2E5C8EAB0051E764E627CDD4CD1EF4C27AA3C3CB6F1F536998B144C6D6FF1517C480FEA171B76BBFE
Malicious:	false
Preview:	EA06.........6.F.Qk.}f.1.V....R......8.;5...`..V.^MO.A.[.S..b....f.9..).Td.Y,.W6.I...QE..e.,r....k..z.X.\......)..=^...A...Z.QkTj.:.1.s...p..>.@.....a@..D.z..(.J-p.33@...f4...F+Tx..1.V.....G.....E...c.U.A...}"c...w\|.Z........\|.Z....9...O...v.;..g@..G.......8..O.F.n.j...5.Oe`..B....H....p.n....7....D......(.....a..<....\|.......j...7....Zujb.8P(...L.....S.z...m..l.Zujug..jTZ.7.N.LiR..6.L.Q..z..1.T6..'bmQ.....ig...Z.....S.S.....J+4.D.q.R....... ?....9.S@..(.._...)@....q...v.G.......E.U+.z...4N..Z...H._.3.(..S.U..}..S...Z..Ao...\|..D.... ..f.H..+R;.R.L.T+T.D....^+..}.S...vZ.n.W._..m..J..i.....U..k.:ujWK..w.0..L....Z-.....)t.V.^....:..wf../.jh..-.R&4J.n.S.R....N.B..mS.l8..3..:.@.i..Uj.O.l@1.L..T..8.U..y=.Sd.j...C..)...juM.....G..p+./uV.$..(.:].X..sk@.....l@-.M....b1Z..-.;.B....'..^...,.p..1...V....hT.Q.!BM..b&4p."1o.8-..!B.9._.B.UZ.E....Z5..TW&....8.v...M.....-..5jaG.P.....#H..F4..J.X..g. ...f.T:j...H..n......,.d...B...R........@....oi..i

C:\Users\user\AppData\Local\Temp\aut6F42.tmp

Download File

Process:	C:\Users\user\AppData\Local\lustring\Esher.exe
File Type:	data
Category:	dropped
Size (bytes):	30248
Entropy (8bit):	7.8690924603477335
Encrypted:	false
SSDEEP:	768:BwsnbN+W5pHt/I1WOv0YB3Fnc/GSaLLidwUD4DlhzpGrV7:BwsnbAWfNA1zMqFnchLdMzpGrV7
MD5:	6E3B8B2D0D553136D0E236D22FAE481C
SHA1:	B36F21780A984E737ABB1AE47DF63265689C8053
SHA-256:	B38F85C37889CABDAFF2E97F31E8487A65B4AA6AF83678425FFEF06B9634567C
SHA-512:	CD1047D51F984F1B9323B2F2356079D1D1811EED9F9875F2E5C8EAB0051E764E627CDD4CD1EF4C27AA3C3CB6F1F536998B144C6D6FF1517C480FEA171B76BBFE
Malicious:	false
Preview:	EA06.........6.F.Qk.}f.1.V....R......8.;5...`..V.^MO.A.[.S..b....f.9..).Td.Y,.W6.I...QE..e.,r....k..z.X.\......)..=^...A...Z.QkTj.:.1.s...p..>.@.....a@..D.z..(.J-p.33@...f4...F+Tx..1.V.....G.....E...c.U.A...}"c...w\|.Z........\|.Z....9...O...v.;..g@..G.......8..O.F.n.j...5.Oe`..B....H....p.n....7....D......(.....a..<....\|.......j...7....Zujb.8P(...L.....S.z...m..l.Zujug..jTZ.7.N.LiR..6.L.Q..z..1.T6..'bmQ.....ig...Z.....S.S.....J+4.D.q.R....... ?....9.S@..(.._...)@....q...v.G.......E.U+.z...4N..Z...H._.3.(..S.U..}..S...Z..Ao...\|..D.... ..f.H..+R;.R.L.T+T.D....^+..}.S...vZ.n.W._..m..J..i.....U..k.:ujWK..w.0..L....Z-.....)t.V.^....:..wf../.jh..-.R&4J.n.S.R....N.B..mS.l8..3..:.@.i..Uj.O.l@1.L..T..8.U..y=.Sd.j...C..)...juM.....G..p+./uV.$..(.:].X..sk@.....l@-.M....b1Z..-.;.B....'..^...,.p..1...V....hT.Q.!BM..b&4p."1o.8-..!B.9._.B.UZ.E....Z5..TW&....8.v...M.....-..5jaG.P.....#H..F4..J.X..g. ...f.T:j...H..n......,.d...B...R........@....oi..i

C:\Users\user\AppData\Local\Temp\autA9CA.tmp

Download File

Process:	C:\Users\user\AppData\Local\lustring\Esher.exe
File Type:	data
Category:	dropped
Size (bytes):	30248
Entropy (8bit):	7.8690924603477335
Encrypted:	false
SSDEEP:	768:BwsnbN+W5pHt/I1WOv0YB3Fnc/GSaLLidwUD4DlhzpGrV7:BwsnbAWfNA1zMqFnchLdMzpGrV7
MD5:	6E3B8B2D0D553136D0E236D22FAE481C
SHA1:	B36F21780A984E737ABB1AE47DF63265689C8053
SHA-256:	B38F85C37889CABDAFF2E97F31E8487A65B4AA6AF83678425FFEF06B9634567C
SHA-512:	CD1047D51F984F1B9323B2F2356079D1D1811EED9F9875F2E5C8EAB0051E764E627CDD4CD1EF4C27AA3C3CB6F1F536998B144C6D6FF1517C480FEA171B76BBFE
Malicious:	false
Preview:	EA06.........6.F.Qk.}f.1.V....R......8.;5...`..V.^MO.A.[.S..b....f.9..).Td.Y,.W6.I...QE..e.,r....k..z.X.\......)..=^...A...Z.QkTj.:.1.s...p..>.@.....a@..D.z..(.J-p.33@...f4...F+Tx..1.V.....G.....E...c.U.A...}"c...w\|.Z........\|.Z....9...O...v.;..g@..G.......8..O.F.n.j...5.Oe`..B....H....p.n....7....D......(.....a..<....\|.......j...7....Zujb.8P(...L.....S.z...m..l.Zujug..jTZ.7.N.LiR..6.L.Q..z..1.T6..'bmQ.....ig...Z.....S.S.....J+4.D.q.R....... ?....9.S@..(.._...)@....q...v.G.......E.U+.z...4N..Z...H._.3.(..S.U..}..S...Z..Ao...\|..D.... ..f.H..+R;.R.L.T+T.D....^+..}.S...vZ.n.W._..m..J..i.....U..k.:ujWK..w.0..L....Z-.....)t.V.^....:..wf../.jh..-.R&4J.n.S.R....N.B..mS.l8..3..:.@.i..Uj.O.l@1.L..T..8.U..y=.Sd.j...C..)...juM.....G..p+./uV.$..(.:].X..sk@.....l@-.M....b1Z..-.;.B....'..^...,.p..1...V....hT.Q.!BM..b&4p."1o.8-..!B.9._.B.UZ.E....Z5..TW&....8.v...M.....-..5jaG.P.....#H..F4..J.X..g. ...f.T:j...H..n......,.d...B...R........@....oi..i

C:\Users\user\AppData\Local\lustring\Esher.exe

Download File

Process:	C:\Users\user\Desktop\2XnMqJW0u1.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	970240
Entropy (8bit):	6.855203880902976
Encrypted:	false
SSDEEP:	24576:+u6J33O0c+JY5UZ+XC0kGso6Fa4AmC8KxzKWY:Qu0c++OCvkGs9Fa4BC8KjY
MD5:	C184DC2506BAF6DB751EB377ED956D80
SHA1:	37DC77B864052992FC80B770A32DF7F98EA7AA0C
SHA-256:	E57C95D15AA7D06D12BAD49C0AF668C72BE26072649E956B35A2EF575FDE0CC0
SHA-512:	DDE3ED67F784FD1D465F51653A4B1AA38B805C0A6CB000EEAC24D261D7B20923FAA90384B5363C613AF240DA1D43412E177FFC8BCF219BC0F51D0FE0CF442335
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}.r}.r}.4,".p}.....s}../..A}../#..}../".G}.{.@.{}.{.P.W}.r}.R....)."}.....s}../..s}.r}T.s}.....s}.Richr}.................PE..L.....Xg.........."..................}............@..........................@...........@...@.......@.....................L...\|....p...D.......................q...+..............................pH..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc....D...p...F..................@..@.reloc...q.......r...\..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs

Download File

Process:	C:\Users\user\AppData\Local\lustring\Esher.exe
File Type:	data
Category:	dropped
Size (bytes):	274
Entropy (8bit):	3.3831211405146835
Encrypted:	false
SSDEEP:	6:DMM8lfm3OOQdUfclzXUEZ+lX1n+LnriIM8lfQVn:DsO+vNlDQ1+zmA2n
MD5:	894F6A2AE23FFC0525AF978E1E26186E
SHA1:	D90A8CAE98B635457A5CB930FF34FC0CB00283BC
SHA-256:	1129F9B58B3D2D2F2E96F4F61100DB3B0D3BFC8BCB79A17C142C80198EC7A4F5
SHA-512:	CB9E55C6DF6F491E86AB9E0C049514643BDB040BC547771A38572923CFE6DDA26616AF1488B98C0080545B4749A716CA66464C3368F9598C888ED84FBD88719B
Malicious:	true
Preview:	S.e.t. .W.s.h.S.h.e.l.l. .=. .C.r.e.a.t.e.O.b.j.e.c.t.(.".W.S.c.r.i.p.t...S.h.e.l.l.".)...W.s.h.S.h.e.l.l...R.u.n. .".C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.l.u.s.t.r.i.n.g.\.E.s.h.e.r...e.x.e.".,. .1...S.e.t. .W.s.h.S.h.e.l.l. .=. .N.o.t.h.i.n.g...

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	45984
Entropy (8bit):	6.16795797263964
Encrypted:	false
SSDEEP:	768:4BbSoy+SdIBf0k2dsjYg6Iq8S1GYqWH8BR:noOIBf0ddsjY/ZGyc7
MD5:	9D352BC46709F0CB5EC974633A0C3C94
SHA1:	1969771B2F022F9A86D77AC4D4D239BECDF08D07
SHA-256:	2C1EEB7097023C784C2BD040A2005A5070ED6F3A4ABF13929377A9E39FAB1390
SHA-512:	13C714244EC56BEEB202279E4109D59C2A43C3CF29F90A374A751C04FD472B45228CA5A0178F41109ED863DBD34E0879E4A21F5E38AE3D89559C57E6BE990A9B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: B8FnDUj8hy.exe, Detection: malicious, Browse Filename: yjOJ1YK5M3.exe, Detection: malicious, Browse Filename: PO.exe, Detection: malicious, Browse Filename: Statement 2024-11-29 (K07234).exe, Detection: malicious, Browse Filename: PO54782322024.exe, Detection: malicious, Browse Filename: m30zZYga23.exe, Detection: malicious, Browse Filename: RFQ.exe, Detection: malicious, Browse Filename: AWB#150332.exe, Detection: malicious, Browse Filename: SOA_9828392091.exe, Detection: malicious, Browse Filename: ngPebbPhbp.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0..d..........V.... ........@.. ..............................s.....`.....................................O.......8............r...A.......................................................... ............... ..H............text...\c... ...d.................. ..`.rsrc...8............f..............@..@.reloc...............p..............@..B................8.......H........+...S..........\|...P...........................................r...p(....2.(....(....z..r...p(....(....(......}......{.....s..........0..{...........Q.-.s.....+i~....o....(.....s.......o.....r!..p..(....Q.P,:.P.....(....o....o ........(....o!...o".....,..o#...t........0..(....... ....s$........o%....X..(....-...o&....0...........('......&.........................0...........(.......&.....*.................0............(.....(....~....,.(....~....o....9]...

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.469482903734266
Encrypted:	false
SSDEEP:	6144:2zZfpi6ceLPx9skLmb0f/ZWSP3aJG8nAgeiJRMMhA2zX4WABluuNLjDH5S:YZHt/ZWOKnMM6bFppj4
MD5:	3316608D1B1FDB1C5BC644BA40B68E8B
SHA1:	DDA532F5DA52479C73EDCE5455AFB6559A6224BC
SHA-256:	E79B02A328CF6B37914DB44A77D7711F56D9FBAAE1F4CECEC69DD88BA84D5052
SHA-512:	B0563E1788963451D27B4D81590840CB18984CF787CFA4D384F0DFF9507A591E7A189FD9528C381D77E1AC45403334B7AD02781DE961E3F94D1F45D9A221C797
Malicious:	false
Preview:	regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm...K.c..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

\Device\ConDrv

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1141
Entropy (8bit):	4.442398121585593
Encrypted:	false
SSDEEP:	24:zKLXkhDObntKlglUEnfQtvNuNpKOK5aM9YJC:zKL0hDQntKKH1MqJC
MD5:	6FB4D27A716A8851BC0505666E7C7A10
SHA1:	AD2A232C6E709223532C4D1AB892303273D8C814
SHA-256:	1DC36F296CE49BDF1D560B527DB06E1E9791C10263459A67EACE706C6DDCDEAE
SHA-512:	3192095C68C6B7AD94212B7BCA0563F2058BCE00C0C439B90F0E96EA2F029A37C2F2B69487591B494C1BA54697FE891E214582E392127CB8C90AB682E0D81ADB
Malicious:	false
Preview:	Microsoft (R) .NET Framework Services Installation Utility Version 4.8.4084.0..Copyright (C) Microsoft Corporation. All rights reserved.....USAGE: regsvcs.exe [options] AssemblyName..Options:.. /? or /help Display this usage message... /fc Find or create target application (default)... /c Create target application, error if it already exists... /exapp Expect an existing application... /tlb:<tlbfile> Filename for the exported type library... /appname:<name> Use the specified name for the target application... /parname:<name> Use the specified name or id for the target partition... /extlb Use an existing type library... /reconfig Reconfigure existing target application (default)... /noreconfig Don't reconfigure existing target application... /u Uninstall target application... /nologo Suppress logo output... /quiet Suppress logo output and success output... /c

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.855203880902976
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	2XnMqJW0u1.exe
File size:	970'240 bytes
MD5:	c184dc2506baf6db751eb377ed956d80
SHA1:	37dc77b864052992fc80b770a32df7f98ea7aa0c
SHA256:	e57c95d15aa7d06d12bad49c0af668c72be26072649e956b35a2ef575fde0cc0
SHA512:	dde3ed67f784fd1d465f51653a4b1aa38b805c0a6cb000eeac24d261d7b20923faa90384b5363c613af240da1d43412e177ffc8bcf219bc0f51d0fe0cf442335
SSDEEP:	24576:+u6J33O0c+JY5UZ+XC0kGso6Fa4AmC8KxzKWY:Qu0c++OCvkGs9Fa4BC8KjY
TLSH:	6025AD2273DDC360CB669173BF29B7016EBF3C614630B95B2F980D7DA950162262D7A3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.

File Icon


Icon Hash:	aaf3e3e3938382a0

Static PE Info

General

Entrypoint:	0x427dcd
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x6758DE01 [Wed Dec 11 00:34:09 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	afcdf79be1557326c854b6e20cb900a7

Entrypoint Preview

Instruction
call 00007F9270AFAF2Ah
jmp 00007F9270AEDCF4h
int3
int3
int3
int3
int3
int3
int3
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007F9270AEDE7Ah
cmp edi, eax
jc 00007F9270AEE1DEh
bt dword ptr [004C31FCh], 01h
jnc 00007F9270AEDE79h
rep movsb
jmp 00007F9270AEE18Ch
cmp ecx, 00000080h
jc 00007F9270AEE044h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007F9270AEDE80h
bt dword ptr [004BE324h], 01h
jc 00007F9270AEE350h
bt dword ptr [004C31FCh], 00000000h
jnc 00007F9270AEE01Dh
test edi, 00000003h
jne 00007F9270AEE02Eh
test esi, 00000003h
jne 00007F9270AEE00Dh
bt edi, 02h
jnc 00007F9270AEDE7Fh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007F9270AEDE83h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007F9270AEDED5h
bt esi, 03h
jnc 00007F9270AEDF28h

Rich Headers

Programming Language:

[ASM] VS2013 build 21005
[ C ] VS2013 build 21005
[C++] VS2013 build 21005
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[ASM] VS2013 UPD4 build 31101
[RES] VS2013 build 21005
[LNK] VS2013 UPD4 build 31101

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xba44c	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xc7000	0x244e8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xec000	0x711c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x92bc0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xa4870	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8f000	0x884	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8dcc4	0x8de00	d28a820a1d9ff26cda02d12b888ba4b4	False	0.5728679102422908	data	6.676118058520316	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8f000	0x2e10e	0x2e200	79b14b254506b0dbc8cd0ad67fb70ad9	False	0.33535526761517614	OpenPGP Public Key	5.76010872795207	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xbe000	0x8f74	0x5200	9f9d6f746f1a415a63de45f8b7983d33	False	0.1017530487804878	data	1.198745897703538	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xc7000	0x244e8	0x24600	e511a029ebce7943481a171de2f90f10	False	0.8184868986254296	data	7.594443660473072	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xec000	0x711c	0x7200	6fcae3cbbf6bfbabf5ec5bbe7cf612c3	False	0.7650767543859649	data	6.779031650454199	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xc75a8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.7466216216216216
RT_ICON	0xc76d0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	English	Great Britain	0.3277027027027027
RT_ICON	0xc77f8	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	English	Great Britain	0.3885135135135135
RT_ICON	0xc7920	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 0	English	Great Britain	0.3333333333333333
RT_ICON	0xc7c08	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 0	English	Great Britain	0.5
RT_ICON	0xc7d30	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	English	Great Britain	0.2835820895522388
RT_ICON	0xc8bd8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	English	Great Britain	0.37906137184115524
RT_ICON	0xc9480	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	English	Great Britain	0.23699421965317918
RT_ICON	0xc99e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	Great Britain	0.13858921161825727
RT_ICON	0xcbf90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	Great Britain	0.25070356472795496
RT_ICON	0xcd038	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	Great Britain	0.3173758865248227
RT_MENU	0xcd4a0	0x50	data	English	Great Britain	0.9
RT_STRING	0xcd4f0	0x594	data	English	Great Britain	0.3333333333333333
RT_STRING	0xcda84	0x68a	data	English	Great Britain	0.2747909199522103
RT_STRING	0xce110	0x490	data	English	Great Britain	0.3715753424657534
RT_STRING	0xce5a0	0x5fc	data	English	Great Britain	0.3087467362924282
RT_STRING	0xceb9c	0x65c	data	English	Great Britain	0.34336609336609336
RT_STRING	0xcf1f8	0x466	data	English	Great Britain	0.3605683836589698
RT_STRING	0xcf660	0x158	Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0	English	Great Britain	0.502906976744186
RT_RCDATA	0xcf7b8	0x1b7ad	data			1.0003642598861022
RT_GROUP_ICON	0xeaf68	0x76	data	English	Great Britain	0.6610169491525424
RT_GROUP_ICON	0xeafe0	0x14	data	English	Great Britain	1.25
RT_GROUP_ICON	0xeaff4	0x14	data	English	Great Britain	1.15
RT_GROUP_ICON	0xeb008	0x14	data	English	Great Britain	1.25
RT_VERSION	0xeb01c	0xdc	data	English	Great Britain	0.6181818181818182
RT_MANIFEST	0xeb0f8	0x3ef	ASCII text, with CRLF line terminators	English	Great Britain	0.5074478649453823

Imports

DLL	Import
WSOCK32.dll	WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll	GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll	timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll	WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll	InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL	GetProcessMemoryInfo
IPHLPAPI.DLL	IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll	DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll	IsThemeActive
KERNEL32.dll	DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll	AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll	StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll	GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll	GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll	DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll	CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll	LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	Great Britain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-10T22:01:18.661977+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.661977+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.766764+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.766764+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.874257+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.874257+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.983223+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:18.983223+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.093507+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.093507+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.201968+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.201968+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.341405+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.341405+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.476797+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.476797+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.592676+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.592676+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.702157+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.702157+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.811371+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.811371+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.920689+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:19.920689+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.029950+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.029950+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.139577+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:20.139577+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49767	87.120.120.15	31952	TCP
2025-01-10T22:01:24.431761+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.431761+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.579339+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.579339+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.742340+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.742340+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.965357+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:24.965357+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.092527+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.092527+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.202047+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.202047+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.311306+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.311306+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.421940+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.421940+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.530196+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.530196+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.641749+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.641749+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.750098+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.750098+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.858590+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:25.858590+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49808	87.120.120.15	31952	TCP
2025-01-10T22:01:30.030184+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.030184+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.139519+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.139519+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.282302+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.282302+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.429487+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.429487+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.545530+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.545530+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.655213+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.655213+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.764458+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.764458+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.873880+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.873880+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.983230+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:30.983230+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.092624+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.092624+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.202208+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.202208+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.311234+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.311234+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.420530+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.420530+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.529978+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:31.529978+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49843	87.120.120.15	31952	TCP
2025-01-10T22:01:35.593146+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.593146+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.701821+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.701821+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.811285+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.811285+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.920751+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:35.920751+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.030052+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.030052+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.139245+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.139245+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.248765+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.248765+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.358061+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.358061+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.467550+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.467550+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.577142+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.577142+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.686391+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.686391+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.795726+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.795726+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.905100+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:36.905100+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.014736+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.014736+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.124051+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:37.124051+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49879	87.120.120.15	31952	TCP
2025-01-10T22:01:41.249629+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.249629+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.358667+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.358667+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.467475+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.467475+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.577012+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.577012+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.686444+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.686444+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.795659+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.795659+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.905039+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:41.905039+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.014376+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.014376+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.124194+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.124194+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.233638+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.233638+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.379455+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.379455+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.553194+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.553194+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.745629+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:42.745629+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49918	87.120.120.15	31952	TCP
2025-01-10T22:01:46.905847+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:46.905847+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.014604+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.014604+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.124152+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.124152+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.288551+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.288551+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.434860+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.434860+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.547227+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.547227+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.655349+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.655349+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.764424+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.764424+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.885637+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.885637+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.998781+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:47.998781+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.108087+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.108087+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.217492+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.217492+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.327272+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.327272+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.436232+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:48.436232+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49956	87.120.120.15	31952	TCP
2025-01-10T22:01:52.801339+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.801339+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.906409+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.906409+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.998947+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:52.998947+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.092781+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.092781+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.186332+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.186332+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.280079+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.280079+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.373913+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.373913+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.467413+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.467413+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.561427+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.561427+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.655077+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.655077+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.748816+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.748816+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.842570+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.842570+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.936215+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:53.936215+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.029919+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.029919+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.123755+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:54.123755+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49988	87.120.120.15	31952	TCP
2025-01-10T22:01:58.218866+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.218866+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.311354+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.311354+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.389462+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.389462+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.467612+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.467612+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.546059+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.546059+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.624054+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.624054+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.702805+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.702805+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.780238+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.780238+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.858450+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.858450+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.936998+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:58.936998+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.014567+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.014567+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.092583+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.092583+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.170753+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.170753+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.249679+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.249679+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.326976+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.326976+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.405189+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.405189+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.483337+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.483337+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.561455+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.561455+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.639532+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.639532+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.717559+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:01:59.717559+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49989	87.120.120.15	31952	TCP
2025-01-10T22:02:03.842631+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.842631+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.905260+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.905260+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.967704+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:03.967704+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.030184+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.030184+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.092800+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.092800+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.155366+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.155366+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.217658+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.217658+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.280326+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.280326+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.342925+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.342925+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.405037+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.405037+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.468516+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.468516+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.530447+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.530447+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.592802+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.592802+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.655120+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.655120+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.717602+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.717602+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.780171+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.780171+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.843003+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.843003+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.905505+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.905505+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.967662+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:04.967662+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.030018+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.030018+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.092622+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.092622+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.154967+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.154967+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.217618+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.217618+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.280060+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.280060+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.342539+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:05.342539+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49991	87.120.120.15	31952	TCP
2025-01-10T22:02:09.451943+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.451943+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.498727+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.498727+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.545649+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.545649+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.592691+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.592691+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.639514+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.639514+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.686442+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.686442+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.733168+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.733168+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.780070+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.780070+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.827017+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.827017+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.873784+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.873784+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.920974+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.920974+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.967490+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:09.967490+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.014352+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.014352+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.061353+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.061353+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.108182+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.108182+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.155152+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.155152+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.202324+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.202324+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.249888+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.249888+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.301256+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.301256+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.344094+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.344094+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.390573+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.390573+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.436793+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.436793+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.483237+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.483237+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.531010+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.531010+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.587059+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.587059+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.641896+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.641896+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.687580+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.687580+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.733279+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.733279+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.781203+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.781203+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.873711+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.873711+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.928335+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:10.928335+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:11.016771+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:11.016771+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49992	87.120.120.15	31952	TCP
2025-01-10T22:02:14.799787+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.799787+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.842512+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.842512+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.873682+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.873682+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.905527+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.905527+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.936163+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.936163+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.967487+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.967487+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.998631+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:14.998631+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.030369+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.030369+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.062393+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.062393+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.092561+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.092561+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.123591+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.123591+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.154886+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.154886+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.186394+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.186394+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.217539+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.217539+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.248904+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.248904+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.280017+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.280017+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.311192+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.311192+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.342410+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.342410+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.374443+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.374443+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.405268+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.405268+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.436308+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.436308+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.467668+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.467668+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.498886+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.498886+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.530127+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.530127+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.561419+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.561419+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.592565+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.592565+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.623600+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.623600+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.655081+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.655081+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.686440+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.686440+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.717835+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.717835+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.748884+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.748884+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.780139+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.780139+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.820028+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.820028+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.858219+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.858219+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.889594+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.889594+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.920784+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.920784+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.951949+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.951949+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.983135+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:15.983135+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.014450+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.014450+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.053241+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.053241+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.122192+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.122192+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.155141+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.155141+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.186848+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.186848+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.217705+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.217705+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.248922+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.248922+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.279996+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.279996+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.311330+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.311330+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.342452+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.342452+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.373626+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:16.373626+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49994	87.120.120.15	31952	TCP
2025-01-10T22:02:19.675637+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.675637+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.701955+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.701955+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.733162+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.733162+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.764317+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.764317+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.795601+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.795601+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.826993+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.826993+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.858433+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.858433+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.889695+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.889695+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.922600+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.922600+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.952565+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.952565+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.983978+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:19.983978+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.015248+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.015248+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.045834+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.045834+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.077029+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.077029+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.108387+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.108387+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.139513+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.139513+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.170658+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.170658+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.202350+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.202350+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.233282+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.233282+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.264600+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.264600+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.295715+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.295715+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.327070+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.327070+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.358368+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.358368+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.389733+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.389733+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.420809+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.420809+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.452026+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.452026+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.483248+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.483248+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.514544+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.514544+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.550320+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.550320+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.576785+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.576785+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.608138+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.608138+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.639389+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.639389+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.670648+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.670648+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.701686+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.701686+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.717501+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.717501+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.748787+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.748787+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.780007+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.780007+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.811269+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.811269+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.842401+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.842401+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.874568+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.874568+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.905129+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.905129+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.936378+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.936378+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.967429+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.967429+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.998523+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:20.998523+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.014214+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.014214+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.029894+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.029894+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.045562+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.045562+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.077025+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.077025+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.092368+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.092368+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.108102+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.108102+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.123577+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.123577+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.139377+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.139377+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.155066+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.155066+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.170668+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.170668+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.186232+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.186232+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.201829+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.201829+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.217562+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.217562+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.233100+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.233100+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.249079+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:21.249079+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49995	87.120.120.15	31952	TCP
2025-01-10T22:02:24.092435+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.092435+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.108109+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.108109+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.123730+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.123730+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.139335+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.139335+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.154862+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.154862+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.170749+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.170749+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.186104+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.186104+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.201855+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.201855+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.217292+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.217292+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.233125+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.233125+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.248559+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.248559+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.264269+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.264269+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.280083+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.280083+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.295532+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.295532+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.311195+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.311195+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.326670+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.326670+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.342586+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.342586+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.364561+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.364561+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.373654+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.373654+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.389267+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.389267+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.404830+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.404830+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.420516+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.420516+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.436068+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.436068+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.451706+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.451706+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.467347+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.467347+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.482866+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.482866+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.498962+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.498962+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.514262+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.514262+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.529765+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.529765+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.545625+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.545625+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.561373+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.561373+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.576844+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.576844+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.592343+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.592343+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.608051+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.608051+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.623605+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.623605+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.639171+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.639171+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.658381+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.658381+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.670770+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.670770+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.686419+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.686419+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.701743+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.701743+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.717435+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.717435+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.733086+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.733086+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.748954+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.748954+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.767949+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.767949+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.781321+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.781321+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.796725+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.796725+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.813580+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.813580+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.827056+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.827056+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.842529+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.842529+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.858206+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.858206+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.873519+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.873519+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.889559+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.889559+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.904796+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.904796+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.920752+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.920752+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.936770+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.936770+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.952281+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.952281+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.968436+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:24.968436+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.060241+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.060241+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.082163+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.082163+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.094237+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.094237+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.121411+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.121411+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.305889+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.305889+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.327064+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.327064+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.342862+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.342862+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.362601+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.362601+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.376038+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.376038+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.393242+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.393242+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.420526+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.420526+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.436135+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.436135+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.451858+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.451858+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.467390+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.467390+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.482901+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.482901+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.498542+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.498542+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.514248+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.514248+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.529784+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.529784+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.545531+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.545531+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.561350+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.561350+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.576792+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.576792+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.592295+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.592295+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.607872+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.607872+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.623667+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.623667+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.639277+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.639277+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.654920+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.654920+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.670458+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.670458+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.686096+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:25.686096+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49996	87.120.120.15	31952	TCP
2025-01-10T22:02:28.140367+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.140367+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.157107+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.157107+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.173143+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.173143+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.186332+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.186332+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.202419+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.202419+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.217426+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.217426+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.233237+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.233237+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.248682+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.248682+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.264386+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.264386+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.279989+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.279989+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.295981+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.295981+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.311274+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.311274+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.326773+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.326773+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.342328+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.342328+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.358006+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.358006+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.373550+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.373550+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.389097+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.389097+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.405088+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.405088+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.420356+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.420356+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.436354+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.436354+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.452338+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.452338+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.467614+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.467614+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.483041+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.483041+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.498714+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.498714+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.514368+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.514368+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.530013+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.530013+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.545551+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.545551+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.561130+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.561130+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.576782+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.576782+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.592515+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.592515+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.608072+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.608072+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.623691+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.623691+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.639617+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.639617+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.655180+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.655180+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.670814+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.670814+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.686428+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.686428+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.702067+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.702067+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.717499+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.717499+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.733121+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.733121+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.748627+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.748627+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.764331+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.764331+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.779899+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.779899+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.795648+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.795648+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.811119+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.811119+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.826796+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.826796+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.842575+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.842575+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.858033+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.858033+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.873529+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.873529+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.889078+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.889078+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.904893+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.904893+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.920392+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.920392+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.936224+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.936224+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.952162+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.952162+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.967363+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.967363+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.983186+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.983186+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.998819+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:28.998819+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.014340+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.014340+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.029830+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.029830+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.045456+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.045456+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.061240+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.061240+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.077008+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.077008+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.092420+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.092420+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.108121+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.108121+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.123561+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.123561+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.139162+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.139162+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.154837+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.154837+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.170696+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.170696+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.196091+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.196091+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.201991+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.201991+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.217471+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.217471+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.232944+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.232944+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.248451+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.248451+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.264239+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.264239+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.279981+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.279981+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.295468+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.295468+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.311149+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.311149+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.326818+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.326818+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.342554+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.342554+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.363626+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.363626+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.376394+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.376394+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.389280+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.389280+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.404826+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.404826+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.420553+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.420553+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.435995+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.435995+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.451872+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.451872+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.467305+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.467305+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.483155+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.483155+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.498857+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.498857+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.514386+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.514386+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.529976+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.529976+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.545509+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.545509+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.561123+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.561123+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.576640+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.576640+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.592731+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.592731+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.608229+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.608229+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.623619+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.623619+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.639265+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.639265+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.655007+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.655007+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.670949+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.670949+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.686210+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.686210+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.701885+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.701885+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.717447+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.717447+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.733079+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:29.733079+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49998	87.120.120.15	31952	TCP
2025-01-10T22:02:31.873828+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.873828+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.889807+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.889807+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.905497+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.905497+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.920539+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.920539+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.936240+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.936240+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.951877+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.951877+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.967351+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.967351+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.983497+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.983497+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.999040+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:31.999040+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.014570+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.014570+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.030083+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.030083+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.045947+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.045947+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.061356+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.061356+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.077027+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.077027+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.092504+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.092504+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.108068+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.108068+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.123663+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.123663+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.139239+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.139239+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.154841+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.154841+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.170488+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.170488+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.186089+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.186089+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.201779+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.201779+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.217731+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.217731+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.233440+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.233440+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.248756+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.248756+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.264329+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.264329+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.313627+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.313627+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.327137+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.327137+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.342622+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.342622+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.363442+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.363442+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.373597+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.373597+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.389105+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.389105+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.404886+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.404886+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.420654+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.420654+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.435992+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.435992+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.451780+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.451780+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.467299+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.467299+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.482908+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.482908+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.498471+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.498471+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.514303+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.514303+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.529687+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.529687+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.545375+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.545375+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.561322+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.561322+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.576922+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.576922+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.592485+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.592485+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.608074+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.608074+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.623717+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.623717+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.639267+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.639267+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.654973+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.654973+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.670656+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.670656+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.686221+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.686221+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.701651+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.701651+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.717213+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.717213+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.732939+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.732939+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.748640+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.748640+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.764202+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.764202+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.780013+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.780013+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.795446+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.795446+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.811143+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.811143+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.826797+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.826797+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.842424+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.842424+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.858003+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.858003+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.873592+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.873592+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.889384+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.889384+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.905060+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.905060+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.920759+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.920759+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.936140+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.936140+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.951824+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.951824+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.967825+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.967825+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.983169+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.983169+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.998937+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:32.998937+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.014332+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.014332+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.029872+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.029872+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.045804+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.045804+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.061106+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.061106+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.076816+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.076816+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.092458+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.092458+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.108051+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.108051+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.123638+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.123638+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.139332+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.139332+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.154974+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.154974+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.170594+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.170594+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.186162+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.186162+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.201951+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.201951+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.217578+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.217578+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.233144+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.233144+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.248691+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.248691+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.264527+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.264527+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.280184+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.280184+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.295727+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.295727+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.311354+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.311354+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.326936+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.326936+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.342693+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.342693+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.364878+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.364878+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.373582+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.373582+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.389335+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.389335+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.404851+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.404851+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.420599+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.420599+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.436281+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.436281+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.451781+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.451781+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.467549+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.467549+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.482981+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.482981+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.498874+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:33.498874+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	49999	87.120.120.15	31952	TCP
2025-01-10T22:02:35.358114+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.358114+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.373666+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.373666+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.389238+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.389238+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.404953+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.404953+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.420420+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.420420+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.436132+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.436132+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.451824+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.451824+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.467435+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.467435+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.482941+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.482941+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.498626+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.498626+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.514433+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.514433+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.529969+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.529969+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.545465+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.545465+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.561183+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.561183+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.576673+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.576673+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.592421+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.592421+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.607996+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.607996+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.623853+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.623853+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.639486+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.639486+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.655052+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.655052+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.670553+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.670553+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.686247+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.686247+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.701814+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.701814+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.717554+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.717554+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.733300+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.733300+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.748553+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.748553+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.764278+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.764278+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.779918+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.779918+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.795900+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.795900+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.811108+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.811108+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.826750+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.826750+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.842486+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.842486+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.858026+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.858026+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.873729+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.873729+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.889336+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.889336+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.905150+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.905150+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.920606+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.920606+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.936203+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.936203+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.952125+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.952125+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.967496+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.967496+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.983166+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.983166+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.998716+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:35.998716+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.014947+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.014947+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.030317+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.030317+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.045884+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.045884+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.061428+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.061428+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.076777+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.076777+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.092458+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.092458+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.107975+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.107975+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.123544+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.123544+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.139503+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.139503+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.154891+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.154891+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.170625+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.170625+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.186138+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.186138+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.201840+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.201840+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.217317+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.217317+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.232950+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.232950+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.248542+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.248542+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.264223+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.264223+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.279871+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.279871+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.295524+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.295524+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.311004+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.311004+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.326638+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.326638+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.342434+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.342434+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.362669+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.362669+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.373593+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.373593+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.389719+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.389719+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.405063+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.405063+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.420512+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.420512+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.436061+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.436061+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.451895+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.451895+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.467384+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.467384+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.483112+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.483112+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.498693+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.498693+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.514177+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.514177+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.529951+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.529951+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.545455+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.545455+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.561247+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.561247+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.583113+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.583113+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.592330+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.592330+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.608289+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.608289+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.623742+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.623742+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.639562+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.639562+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.654810+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.654810+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.670567+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.670567+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.686304+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.686304+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.701784+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.701784+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.717663+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.717663+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.733204+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.733204+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.748767+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.748767+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.764177+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.764177+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.780029+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.780029+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.795532+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.795532+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.811067+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.811067+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.826873+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.826873+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.842344+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.842344+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.858023+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.858023+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.873558+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.873558+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.889233+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:36.889233+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50000	87.120.120.15	31952	TCP
2025-01-10T22:02:38.538727+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.538727+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.585311+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.585311+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.590237+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.590237+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.597141+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.597141+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.686266+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:38.686266+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:40.091592+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:40.091592+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50002	87.120.120.15	31952	TCP
2025-01-10T22:02:44.309139+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.309139+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.342655+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.342655+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.347695+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.347695+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.405678+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.405678+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.414806+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.414806+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.431435+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.431435+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.461063+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.461063+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.486279+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.486279+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.700907+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:44.700907+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.023415+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.023415+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.309746+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:45.309746+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50003	87.120.120.15	31952	TCP
2025-01-10T22:02:49.912659+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:49.912659+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:49.996999+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:49.996999+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.182461+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.182461+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.187487+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.187487+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.202208+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.202208+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.217555+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.217555+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.229533+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.229533+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.240454+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:50.240454+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:51.086678+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:51.086678+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50004	87.120.120.15	31952	TCP
2025-01-10T22:02:55.606474+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:55.606474+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:56.406608+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:56.406608+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:57.138801+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:02:57.138801+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50005	87.120.120.15	31952	TCP
2025-01-10T22:03:01.240883+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.240883+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.270448+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.270448+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.275334+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.275334+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.306487+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.306487+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.316248+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:01.316248+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.007224+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.007224+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.691230+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.691230+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.718663+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:02.718663+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50006	87.120.120.15	31952	TCP
2025-01-10T22:03:06.850586+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:06.850586+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.322502+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.322502+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.466567+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:07.466567+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:08.114443+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:08.114443+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50008	87.120.120.15	31952	TCP
2025-01-10T22:03:16.490344+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.490344+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.628269+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.628269+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.792244+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:16.792244+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:17.986516+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:17.986516+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50010	87.120.120.15	31952	TCP
2025-01-10T22:03:22.099812+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:22.099812+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:22.566503+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:22.566503+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50011	87.120.120.15	31952	TCP
2025-01-10T22:03:27.709373+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:27.709373+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:28.743935+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:28.743935+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:29.139336+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:29.139336+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50012	87.120.120.15	31952	TCP
2025-01-10T22:03:33.334262+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.334262+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.369256+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.369256+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.416120+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:33.416120+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50013	87.120.120.15	31952	TCP
2025-01-10T22:03:38.949094+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50014	87.120.120.15	31952	TCP
2025-01-10T22:03:38.949094+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50014	87.120.120.15	31952	TCP
2025-01-10T22:03:48.640117+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.640117+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.652682+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.652682+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.731674+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.731674+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.740847+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.740847+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.804115+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:48.804115+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50018	87.120.120.15	31952	TCP
2025-01-10T22:03:54.266706+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.266706+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.325263+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.325263+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.339815+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:54.339815+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:55.240342+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:55.240342+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50020	87.120.120.15	31952	TCP
2025-01-10T22:03:59.929357+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.929357+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.969550+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.969550+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.974403+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:03:59.974403+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:00.096946+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:00.096946+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50022	87.120.120.15	31952	TCP
2025-01-10T22:04:03.947342+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:03.947342+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:03.983419+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:03.983419+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.224184+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.224184+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.242501+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.242501+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.287649+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:04.287649+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50024	87.120.120.15	31952	TCP
2025-01-10T22:04:13.619175+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.619175+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.776251+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.776251+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.795257+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:13.795257+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50028	87.120.120.15	31952	TCP
2025-01-10T22:04:19.279254+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.279254+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.317247+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.317247+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.353387+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.353387+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.372545+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:19.372545+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50030	87.120.120.15	31952	TCP
2025-01-10T22:04:27.338474+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.338474+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.363671+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.363671+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.436569+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.436569+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.441552+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.441552+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.563181+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.563181+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.645803+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.645803+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.680789+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.680789+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.692957+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.692957+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.703092+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.703092+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.708137+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.708137+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.752656+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.752656+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.757816+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.757816+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.762856+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.762856+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.772686+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.772686+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.975713+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:27.975713+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.288237+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.288237+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.298210+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.298210+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.311270+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:28.311270+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50035	87.120.120.15	31952	TCP
2025-01-10T22:04:36.978720+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:36.978720+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:37.013566+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:37.013566+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50042	87.120.120.15	31952	TCP
2025-01-10T22:04:46.653339+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.653339+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.716633+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.716633+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.721434+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.721434+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.730381+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.730381+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.737731+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.737731+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.747493+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.747493+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.867532+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.867532+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.877229+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.877229+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.885313+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.885313+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.890165+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.890165+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.911385+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.911385+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.951202+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.951202+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.985540+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.985540+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.995443+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:46.995443+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.005752+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.005752+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.021710+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.021710+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.066322+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.066322+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.076543+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.076543+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.190969+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.190969+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.225877+0100	2852873	ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2	1	192.168.2.6	50051	87.120.120.15	31952	TCP
2025-01-10T22:04:47.225877+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.6	50051	87.120.120.15	31952	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 10, 2025 22:01:18.646435976 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.651348114 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:18.651530027 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.661977053 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.666800976 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:18.766763926 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.771527052 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:18.874257088 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.879054070 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:18.879148960 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.883904934 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:18.983222961 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:18.988013029 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.093507051 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.098342896 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.201967955 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.206742048 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.341404915 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.346194983 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.476797104 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.481618881 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.592675924 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.597506046 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.702157021 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.706971884 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.811371088 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.816211939 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:19.920689106 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:19.925523996 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:20.029949903 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:20.034837961 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:20.139576912 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:20.144392014 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:20.237237930 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:20.237323046 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:20.248786926 CET	49767	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:20.253632069 CET	31952	49767	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:24.288736105 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.293524027 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:24.293632984 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.431761026 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.436609983 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:24.579339027 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.584216118 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:24.742340088 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.747605085 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:24.918966055 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.923779011 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:24.965357065 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:24.970149040 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.092526913 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.097300053 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.202047110 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.206859112 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.311306000 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.316103935 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.421940088 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.426743031 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.530195951 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.535028934 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.641748905 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.646616936 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.750097990 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.769153118 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.858589888 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.869203091 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.912597895 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:25.912786007 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.917712927 CET	49808	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:25.922461987 CET	31952	49808	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:29.929883003 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:29.934751034 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:29.934835911 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.022447109 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.027262926 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.030184031 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.034949064 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.139518976 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.144454002 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.282301903 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.287121058 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.429486990 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.434266090 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.545530081 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.550352097 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.655213118 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.660069942 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.764457941 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.769267082 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.873879910 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.878653049 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:30.983230114 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:30.988001108 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.092623949 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.097382069 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.202208042 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.207112074 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.311233997 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.315987110 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.420530081 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.425333023 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.529978037 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.534815073 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.554924965 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:31.554995060 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.555085897 CET	49843	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:31.559963942 CET	31952	49843	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:35.563846111 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.568674088 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:35.568763971 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.593146086 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.598041058 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:35.637305975 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.642122030 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:35.701821089 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.707252979 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:35.811285019 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.816065073 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:35.920751095 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:35.925615072 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.030051947 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.034872055 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.139245033 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.144005060 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.248764992 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.253643990 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.358061075 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.362941027 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.467550039 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.472373962 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.577142000 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.581908941 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.686391115 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.691642046 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.795726061 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.800510883 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:36.905100107 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:36.909970999 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:37.014735937 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:37.021142960 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:37.124051094 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:37.128873110 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:37.178280115 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:37.178345919 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:37.178392887 CET	49879	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:37.183118105 CET	31952	49879	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.188142061 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.192949057 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.193039894 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.227741957 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.232574940 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.249629021 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.254455090 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.358666897 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.363584995 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.467474937 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.472295046 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.577012062 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.581937075 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.686444044 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.692390919 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.795659065 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.800458908 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:41.905039072 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:41.909873009 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.014375925 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.019257069 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.124193907 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.129029036 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.233638048 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.238512993 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.379455090 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.384315968 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.553194046 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.558060884 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.745629072 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.750428915 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.803404093 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:42.803466082 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.803529024 CET	49918	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:42.808393955 CET	31952	49918	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:46.813797951 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:46.818733931 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:46.818823099 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:46.862046003 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:46.866852045 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:46.905847073 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:46.910643101 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.014604092 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.019531965 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.124151945 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.128942966 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.288551092 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.293323040 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.434859991 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.439873934 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.547226906 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.552048922 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.655349016 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.660167933 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.764424086 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.769222975 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.885637045 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:47.890492916 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:47.998780966 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.003582001 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:48.108087063 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.112853050 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:48.217492104 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.222276926 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:48.327271938 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.332009077 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:48.436232090 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.440998077 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:48.446424007 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:48.446485043 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.446542025 CET	49956	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:48.451298952 CET	31952	49956	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:52.494402885 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:52.499275923 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:52.499372005 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:52.801338911 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:52.806164980 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:52.906409025 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:52.911186934 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:52.965186119 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:52.970027924 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:52.998946905 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.003762007 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.092781067 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.097606897 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.186331987 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.191220999 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.280078888 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.284929991 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.373913050 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.378779888 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.467412949 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.472235918 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.561427116 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.566251040 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.655076981 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.659852028 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.748816013 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.753662109 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.842570066 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.847512960 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:53.936214924 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:53.941082001 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:54.029918909 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:54.034727097 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:54.123754978 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:54.128570080 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:54.137077093 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:54.137142897 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:54.137212038 CET	49988	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:54.141948938 CET	31952	49988	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.140435934 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.145299911 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.145397902 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.167525053 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.172319889 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.218866110 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.223655939 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.311353922 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.316260099 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.389461994 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.394222975 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.467612028 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.472949982 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.546058893 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.550867081 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.624053955 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.628875017 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.702805042 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.707667112 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.780237913 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.785063982 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.858449936 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.863240957 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:58.936997890 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:58.941915989 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.014566898 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.019371986 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.092582941 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.097492933 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.170753002 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.175581932 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.249679089 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.254561901 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.326976061 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.331902981 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.405189037 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.410100937 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.483336926 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.488137960 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.561455011 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.566246986 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.639532089 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.644448042 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.717559099 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.722392082 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.768737078 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:01:59.768820047 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.768883944 CET	49989	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:01:59.773628950 CET	31952	49989	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:03.781703949 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:03.786601067 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:03.786691904 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:03.832545996 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:03.837354898 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:03.842631102 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:03.847434044 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:03.905260086 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:03.910171986 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:03.967704058 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:03.972630978 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.030184031 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.034985065 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.092799902 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.097618103 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.155365944 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.160228014 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.217658043 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.222453117 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.280325890 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.285139084 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.342925072 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.347888947 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.405036926 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.410010099 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.468516111 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.474069118 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.530447006 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.535350084 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.592802048 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.597644091 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.655119896 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.660134077 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.717602015 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.722505093 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.780170918 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.785063982 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.843003035 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.847848892 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.905504942 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.910393000 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:04.967662096 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:04.972461939 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.030018091 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.035135031 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.092622042 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.097421885 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.154967070 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.159770966 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.217617989 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.222456932 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.280060053 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.285000086 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.342539072 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.369904041 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.397636890 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:05.397762060 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.398673058 CET	49991	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:05.403433084 CET	31952	49991	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.406992912 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.411978006 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.412108898 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.436521053 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.441310883 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.451942921 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.456726074 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.498727083 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.503705025 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.545649052 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.559406042 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.592690945 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.597680092 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.639513969 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.644455910 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.686441898 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.691224098 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.733167887 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.738261938 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.780070066 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.784976006 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.827017069 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.831851959 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.873784065 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.878818989 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.920974016 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.925906897 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:09.967489958 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:09.972522974 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.014352083 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.019134998 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.061352968 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.066184998 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.108181953 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.113142967 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.155152082 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.160024881 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.202323914 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.207205057 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.249887943 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.254806995 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.301255941 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.306164980 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.344094038 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.363838911 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.390573025 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.395960093 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.436793089 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.441869020 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.483237028 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.488133907 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.531009912 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.536007881 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.587059021 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.591953039 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.641896009 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.646820068 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.687580109 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.692374945 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.733278990 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.738161087 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.781203032 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.786067963 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.873711109 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.878536940 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:10.928334951 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:10.933243990 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:11.016771078 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:11.021733046 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:11.022892952 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:11.022945881 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:11.023000002 CET	49992	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:11.027782917 CET	31952	49992	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.766374111 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.771291971 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.771409988 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.794918060 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.799741030 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.799787045 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.804528952 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.842511892 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.847635984 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.873682022 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.878603935 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.905527115 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.910388947 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.936162949 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.941097975 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.967487097 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:14.972310066 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:14.998631001 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.003722906 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.030369043 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.035280943 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.062392950 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.067536116 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.092561007 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.097434044 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.123590946 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.128473997 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.154886007 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.159796953 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.186393976 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.191204071 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.217539072 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.222493887 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.248903990 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.253875971 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.280016899 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.284874916 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.311192036 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.316088915 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.342410088 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.362962008 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.374443054 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.379451990 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.405267954 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.410274982 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.436307907 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.441226959 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.467668056 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.472543955 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.498886108 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.503844023 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.530127048 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.535073042 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.561419010 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.566324949 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.592565060 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.597512960 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.623600006 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.628429890 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.655081034 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.660010099 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.686439991 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.693110943 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.717834949 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.722815037 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.748883963 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.753688097 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.780138969 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.784959078 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.820028067 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.824853897 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.858218908 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.863070965 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.889594078 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.894495964 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.920783997 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.925714970 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.951948881 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.956800938 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:15.983134985 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:15.988042116 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.014450073 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.019258976 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.053241014 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.058111906 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.122191906 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.127135038 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.155141115 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.160083055 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.186847925 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.191687107 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.217705011 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.222492933 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.248922110 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.253781080 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.279995918 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.285943985 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.311330080 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.316246033 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.342452049 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.364063025 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.373625994 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.379198074 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.398591995 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:16.398694992 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.398772001 CET	49994	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:16.403539896 CET	31952	49994	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.641136885 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.646126032 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.646245956 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.670607090 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.675559998 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.675637007 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.680469990 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.701955080 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.706868887 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.733161926 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.738042116 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.764317036 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.769188881 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.795600891 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.800473928 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.826992989 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.831825018 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.858433008 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.864700079 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.889694929 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.894651890 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.922600031 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.928901911 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.952564955 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.957475901 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:19.983978033 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:19.988945007 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.015248060 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.020781994 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.045834064 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.050733089 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.077028990 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.081968069 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.108386993 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.113317013 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.139513016 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.144371986 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.170658112 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.175642967 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.202349901 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.207374096 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.233282089 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.238267899 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.264600039 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.269526958 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.295715094 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.300573111 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.327069998 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.331948996 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.358367920 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.363846064 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.389733076 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.394609928 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.420809031 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.425945997 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.452025890 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.456907034 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.483247995 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.488270998 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.514544010 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.519666910 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.550319910 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.555370092 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.576785088 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.582349062 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.608138084 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.613075018 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.639389038 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.644443989 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.670648098 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.676559925 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.701685905 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.706892014 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.717500925 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.722841024 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.748786926 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.753746033 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.780006886 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.785187960 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.811269045 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.816406012 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.842401028 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.847366095 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.874567986 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.879503012 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.905128956 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.910062075 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.936378002 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.941270113 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.967428923 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:20.972281933 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:20.998522997 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.003375053 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.014214039 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.019013882 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.029894114 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.034816980 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.045562029 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.050755978 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.077024937 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.082355022 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.092367887 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.097342968 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.108102083 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.115782022 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.123577118 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.128573895 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.139377117 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.144328117 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.155066013 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.159991980 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.170667887 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.175656080 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.186232090 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.192161083 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.201828957 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.206799984 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.217561960 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.222790003 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.233099937 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.238591909 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.249078989 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.255511045 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.258311033 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:21.258414984 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.259598017 CET	49995	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:21.266756058 CET	31952	49995	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.078202009 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.083024979 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.083105087 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.092434883 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.097186089 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.108108997 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.112943888 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.113003969 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.118033886 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.123729944 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.128575087 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.139334917 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.144164085 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.154861927 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.160157919 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.170748949 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.175656080 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.186104059 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.190948963 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.201854944 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.206799030 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.217292070 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.222151995 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.233124971 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.238281012 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.248558998 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.253353119 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.264269114 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.269196987 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.280082941 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.284914017 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.295531988 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.300317049 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.311194897 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.315998077 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.326669931 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.332526922 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.342586040 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.364448071 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.364561081 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.370435953 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.373653889 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.378436089 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.389266968 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.394038916 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.404829979 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.409646988 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.420516014 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.425374031 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.436068058 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.440910101 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.451705933 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.456485033 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.467346907 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.472166061 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.482866049 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.487683058 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.498961926 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.503884077 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.514261961 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.519301891 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.529764891 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.534581900 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.545624971 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.550462008 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.561372995 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.566226006 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.576843977 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.581641912 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.592343092 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.597232103 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.608051062 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.612879038 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.623605013 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.628894091 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.639170885 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.643970013 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.658380985 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.663237095 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.670769930 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.675673962 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.686419010 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.691258907 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.701742887 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.706660986 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.717434883 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.722357988 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.733086109 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.737934113 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.748954058 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.753889084 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.767949104 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.772783995 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.781321049 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.786180019 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.796725035 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.801541090 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.813580036 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.818403006 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.827055931 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.831948996 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.842529058 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.847381115 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.858206034 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.863708019 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.873518944 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.878365993 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.889559031 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.894355059 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.904795885 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.909588099 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.920752048 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.925625086 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.936769962 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.941626072 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.952280998 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.957190037 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:24.968436003 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:24.973458052 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.060240984 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.065064907 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.082163095 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.086996078 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.094237089 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.099059105 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.121411085 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.127073050 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.305888891 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.310724020 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.327064037 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.331866980 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.342861891 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.362535000 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.362601042 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.367448092 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.376038074 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.380867004 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.393241882 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.398221970 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.420526028 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.425360918 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.436135054 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.440992117 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.451858044 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.456717968 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.467390060 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.472176075 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.482901096 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.487704039 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.498542070 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.503325939 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.514247894 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.519136906 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.529783964 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.534667015 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.545531034 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.550349951 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.561350107 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.566186905 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.576792002 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.581646919 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.592294931 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.597131014 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.607872009 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.612643003 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.623667002 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.628535032 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.639276981 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.644054890 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.654920101 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.659718990 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.670458078 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.675350904 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.686095953 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.690949917 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.691653967 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:25.691721916 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.691780090 CET	49996	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:25.696569920 CET	31952	49996	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.125679016 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.130836010 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.130939007 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.140367031 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.145240068 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.157107115 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.162120104 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.162215948 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.167063951 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.173142910 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.178528070 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.186331987 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.191255093 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.202419043 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.207331896 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.217426062 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.222244024 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.233237028 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.238045931 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.248682022 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.253562927 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.264385939 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.269382000 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.279989004 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.284800053 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.295980930 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.301728010 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.311274052 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.316174984 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.326772928 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.331559896 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.342328072 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.347141981 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.358006001 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.362766027 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.373549938 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.378777027 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.389096975 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.393950939 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.405087948 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.411648035 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.420356035 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.426664114 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.436353922 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.441255093 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.452337980 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.457192898 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.467613935 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.472851038 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.483041048 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.487921000 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.498713970 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.503664017 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.514368057 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.519283056 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.530013084 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.534943104 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.545551062 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.550441027 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.561130047 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.565995932 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.576781988 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.581662893 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.592514992 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.597433090 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.608072042 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.612946987 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.623691082 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.628788948 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.639616966 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.644515038 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.655179977 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.660077095 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.670814037 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.675616980 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.686428070 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.691230059 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.702066898 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.706861973 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.717499018 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.722753048 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.733120918 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.738106012 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.748626947 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.753531933 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.764331102 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.769217968 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.779898882 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.784699917 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.795648098 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.800546885 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.811119080 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.816118002 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.826796055 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.831734896 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.842575073 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.847446918 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.858032942 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.862935066 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.873528957 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.878420115 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.889077902 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.894099951 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.904892921 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.909928083 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.920392036 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.925322056 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.936223984 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.941195011 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.952162027 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.956970930 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.967363119 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.972291946 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.983186007 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:28.988086939 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:28.998819113 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.003808022 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.014339924 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.019185066 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.029829979 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.034657001 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.045455933 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.050409079 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.061239958 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.066282034 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.077008009 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.081923962 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.092420101 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.097285986 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.108120918 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.113045931 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.123560905 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.128451109 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.139162064 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.144042015 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.154836893 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.159717083 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.170696020 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.175579071 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.196090937 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.200998068 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.201991081 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.206918955 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.217470884 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.222410917 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.232944012 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.237962961 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.248450994 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.253601074 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.264239073 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.269165993 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.279980898 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.284786940 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.295468092 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.300365925 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.311148882 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.316036940 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.326817989 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.331764936 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.342554092 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.363526106 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.363626003 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.368531942 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.376394033 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.381251097 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.389280081 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.394193888 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.404825926 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.409692049 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.420552969 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.425436974 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.435995102 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.440860033 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.451872110 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.456775904 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.467304945 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.472346067 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.483155012 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.488084078 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.498857021 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.503830910 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.514385939 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.519263029 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.529975891 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.534872055 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.545509100 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.550347090 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.561122894 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.565952063 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.576639891 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.581496000 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.592730999 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.597565889 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.608228922 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.613225937 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.623619080 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.628376007 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.639265060 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.644073009 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.655006886 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.660013914 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.670948982 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.676054955 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.686209917 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.691051006 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.701884985 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.706962109 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.717447042 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.722268105 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.733078957 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.737942934 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.744981050 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:29.746525049 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.746587038 CET	49998	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:29.751363993 CET	31952	49998	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.859864950 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.864938974 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.865087986 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.873827934 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.878767014 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.889806986 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.894723892 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.894920111 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.899806023 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.905497074 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.910490990 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.920538902 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.925483942 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.936239958 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.941195965 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.951877117 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.957053900 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.967350960 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.975267887 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.983496904 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:31.988455057 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:31.999039888 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.003959894 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.014569998 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.019634962 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.030082941 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.035090923 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.045947075 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.050873995 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.061356068 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.066438913 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.077027082 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.081943035 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.092504025 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.097371101 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.108067989 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.112910986 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.123662949 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.128532887 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.139239073 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.144166946 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.154840946 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.159748077 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.170488119 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.175390959 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.186089039 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.191055059 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.201778889 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.206655025 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.217730999 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.222538948 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.233439922 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.238385916 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.248755932 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.253679037 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.264328957 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.269295931 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.313627005 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.318516970 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.327136993 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.332011938 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.342622042 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.363348961 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.363441944 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.368347883 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.373596907 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.378427029 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.389105082 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.394057035 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.404886007 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.409775019 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.420654058 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.425487041 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.435992002 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.440931082 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.451780081 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.456645012 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.467298985 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.472157955 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.482908010 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.487711906 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.498471022 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.503437996 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.514302969 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.519135952 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.529686928 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.534552097 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.545375109 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.550452948 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.561321974 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.566435099 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.576921940 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.582001925 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.592484951 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.597537994 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.608073950 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.612938881 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.623717070 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.628660917 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.639266968 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.644241095 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.654973030 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.659989119 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.670655966 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.675607920 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.686220884 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.691096067 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.701651096 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.706538916 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.717212915 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.722033978 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.732939005 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.737845898 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.748640060 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.753571033 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.764202118 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.769107103 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.780013084 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.784910917 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.795445919 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.800358057 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.811142921 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.816059113 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.826797009 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.831685066 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.842423916 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.847265959 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.858002901 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.862859011 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.873591900 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.878441095 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.889384031 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.894342899 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.905060053 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.909837961 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.920758963 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.925616026 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.936140060 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.941148043 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.951823950 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.956763983 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.967824936 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.972646952 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.983169079 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:32.987936974 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:32.998936892 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.003779888 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.014332056 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.019248962 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.029871941 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.034780979 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.045804024 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.050647020 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.061105967 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.065948963 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.076816082 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.081728935 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.092458010 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.097440958 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.108051062 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.112849951 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.123637915 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.128441095 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.139332056 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.144157887 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.154973984 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.159956932 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.170593977 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.175626993 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.186161995 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.191035986 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.201951027 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.206851959 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.217577934 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.222553968 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.233144045 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.238037109 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.248691082 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.253513098 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.264527082 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.270109892 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.280184031 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.284960985 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.295727015 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.300535917 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.311353922 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.316131115 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.326936007 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.331794977 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.342693090 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.364826918 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.364877939 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.369669914 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.373581886 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.378369093 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.389334917 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.394150019 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.404850960 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.409677982 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.420598984 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.425513983 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.436280966 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.441150904 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.451781034 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.457751989 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.467549086 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.473022938 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.482980967 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.488091946 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.498873949 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.503745079 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.505291939 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:33.505485058 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.505544901 CET	49999	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:33.510375023 CET	31952	49999	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.344000101 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.348997116 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.349112034 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.358114004 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.362987041 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.373666048 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.378545046 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.380688906 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.385530949 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.389238119 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.394114017 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.404953003 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.409778118 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.420419931 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.425291061 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.436131954 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.441001892 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.451823950 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.456876993 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.467434883 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.472318888 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.482940912 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.487730026 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.498625994 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.503468037 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.514432907 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.519382954 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.529968977 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.534749985 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.545464993 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.550314903 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.561182976 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.566009045 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.576673031 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.581619024 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.592421055 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.597332001 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.607995987 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.612807035 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.623852968 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.628700972 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.639486074 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.644296885 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.655051947 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.659960985 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.670552969 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.675401926 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.686247110 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.691063881 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.701813936 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.707559109 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.717554092 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.723412991 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.733299971 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.738177061 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.748553038 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.754272938 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.764277935 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.770221949 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.779917955 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.785510063 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.795900106 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.800739050 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.811108112 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.815947056 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.826750040 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.831542969 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.842485905 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.847359896 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.858026028 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.862889051 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.873728991 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.878664017 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.889336109 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.894164085 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.905149937 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.910036087 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.920605898 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.926182032 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.936203003 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.941040039 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.952125072 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.957000017 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.967495918 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.972474098 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.983165979 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:35.987998009 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:35.998716116 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.003694057 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.014946938 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.022483110 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.030317068 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.036232948 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.045883894 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.050731897 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.061428070 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.066232920 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.076776981 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.081653118 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.092458010 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.097289085 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.107975006 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.112797976 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.123543978 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.128494978 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.139503002 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.144359112 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.154891014 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.159921885 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.170624971 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.175549984 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.186137915 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.191112041 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.201839924 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.206908941 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.217317104 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.222737074 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.232949972 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.237842083 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.248542070 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.253498077 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.264223099 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.269088030 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.279870987 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.284794092 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.295523882 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.300354004 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.311003923 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.315884113 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.326637983 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.331473112 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.342433929 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.362481117 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.362668991 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.367635012 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.373593092 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.378437042 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.389719009 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.394783020 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.405062914 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.409966946 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.420511961 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.425333023 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.436060905 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.440912962 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.451894999 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.456700087 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.467384100 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.472342968 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.483112097 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.487998009 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.498692989 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.503462076 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.514177084 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.519049883 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.529951096 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.534806013 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.545454979 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.550273895 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.561247110 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.583008051 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.583112955 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.588179111 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.592329979 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.597158909 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.608289003 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.613301039 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.623742104 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.628959894 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.639561892 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.644525051 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.654809952 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.659856081 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.670567036 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.675474882 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.686304092 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.691128016 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.701783895 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.707370043 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.717663050 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.722846985 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.733203888 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.738195896 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.748766899 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.754861116 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.764177084 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.769001961 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.780029058 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.785044909 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.795531988 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.800569057 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.811067104 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.815918922 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.826873064 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.832485914 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.842344046 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.847199917 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.858022928 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.862974882 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.873558044 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.878493071 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.889233112 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.894186974 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.894299984 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.899200916 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.899292946 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.904162884 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.904242992 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.909111977 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.909228086 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.914160967 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.914237976 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.919065952 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.919143915 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.923907042 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.923981905 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.928808928 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.928874016 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.933729887 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.933788061 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.938580036 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.938635111 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.941991091 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.942043066 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.942481995 CET	50000	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:36.944529057 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.947628021 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:36.947647095 CET	31952	50000	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.531393051 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.536246061 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.536592960 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.538727045 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.543566942 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.543689966 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.548599958 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.548687935 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.553551912 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.553690910 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.558526993 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.558655024 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.563493967 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.564049959 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.568866968 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.568985939 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.573873043 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.574095011 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.578885078 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.580110073 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.584923029 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.585310936 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.590106010 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.590236902 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.595021963 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.597141027 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.602817059 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.602938890 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.608606100 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.608808994 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.614458084 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.614557028 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.620228052 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.620346069 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.626084089 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.628135920 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.633625984 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.633774042 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.638931036 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.640347958 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.645946026 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.648098946 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.657001019 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.660136938 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.680056095 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.685894012 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.686074972 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.686105013 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.686265945 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.691972017 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.692082882 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.692152977 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.697932959 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.698035002 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.704081059 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.704165936 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.710148096 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.710272074 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.715383053 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.715476990 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.721827984 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.721973896 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.727202892 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.727302074 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.732408047 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.732521057 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.737493038 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.737571001 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.743609905 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.743691921 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.749898911 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.750010967 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.755001068 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.755090952 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.759895086 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.759993076 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.765976906 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.766166925 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.771428108 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.771505117 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.777883053 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.777942896 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.782803059 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.782907963 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.788355112 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.788501024 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.794564009 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.794681072 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.799638033 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.799716949 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.804879904 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.804994106 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.810602903 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.810689926 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.815573931 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.818268061 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.823149920 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.823250055 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.828162909 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.828284025 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.833247900 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.833365917 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.839627028 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.839752913 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.844552994 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.844671965 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.850373983 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.850492954 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.855289936 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.855350971 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.861434937 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.861499071 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.867842913 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.867952108 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.872859955 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.872939110 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.877799988 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.877901077 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.882767916 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.882874012 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.888271093 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.888367891 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.893214941 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.893309116 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.898343086 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.898437023 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.903583050 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.903649092 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.908556938 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.908648968 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.933592081 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.940134048 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.940275908 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.960922956 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:38.982480049 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:38.982637882 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.005696058 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.028569937 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.033401012 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.033698082 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.069964886 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.074456930 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.074516058 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.122605085 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.122792006 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.170892000 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.171017885 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.218630075 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.218724966 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.270428896 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.270545006 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.312186956 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.317161083 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.317348957 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.342942953 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.348068953 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.348408937 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.374510050 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.379611969 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.379745960 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.409338951 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.415018082 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.415199041 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.446213007 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.451133013 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.451457977 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.478931904 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.484158993 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.484500885 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.527472019 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.527957916 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.554811001 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.578881025 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.579250097 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.608799934 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.626504898 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.626753092 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.665493011 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.671101093 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.671266079 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.695600986 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.718527079 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.718755007 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.750597954 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.755490065 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.755681992 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.787049055 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.792009115 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.792201996 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.845268965 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.866192102 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.890103102 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.912708998 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.936050892 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.962852001 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.987513065 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:39.997945070 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:39.998051882 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.020045996 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.044060946 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.046439886 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:40.047185898 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.069494009 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.090825081 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.091296911 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:40.091592073 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.113207102 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.135427952 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.138386011 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:40.138628006 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.161559105 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.182423115 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:40.182656050 CET	50002	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:40.183619976 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:40.187526941 CET	31952	50002	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.258228064 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.263355017 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.263463974 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.309139013 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.314069033 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.342654943 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.347619057 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.347695112 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.352596998 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.352695942 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.357541084 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.357671976 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.362545013 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.362663984 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.367507935 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.367592096 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.372448921 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.372571945 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.377474070 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.377650976 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.382590055 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.382771015 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.387583017 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.405678034 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.410654068 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.414805889 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.419773102 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.431435108 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.436300039 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.436392069 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.441230059 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.441296101 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.446139097 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.446202993 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.451066017 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.451143026 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.456070900 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.456123114 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.461004972 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.461062908 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.465931892 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.465981960 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.471251965 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.471321106 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.476254940 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.476310015 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.481169939 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.481220007 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.486134052 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.486279011 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.491126060 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.491183996 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.496082067 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.496124983 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.500947952 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.500988960 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.505844116 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.505884886 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.510699987 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.510746956 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.515616894 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.515661001 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.520503044 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.520550013 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.525461912 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.525517941 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.530483961 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.530534983 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.535475969 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.535528898 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.540440083 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.540491104 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.545387030 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.545438051 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.550295115 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.550353050 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.555223942 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.555277109 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.560219049 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.560270071 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.565125942 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.565176964 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.570116997 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.570177078 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.575053930 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.575108051 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.580588102 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.580641031 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.585716009 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.585772991 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.590600014 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.590647936 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.595484018 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.595530033 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.600383043 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.600439072 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.605274916 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.605330944 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.610207081 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.610260010 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.615113974 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.615165949 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.620070934 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.620136976 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.625025988 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.625087023 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.629940033 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.629996061 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.634848118 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.634922981 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.639794111 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.639839888 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.644640923 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.644684076 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.649485111 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.649530888 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.654392004 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.654438972 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.659348965 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.659395933 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.664293051 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.664352894 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.669193029 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.669245958 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.674468994 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.674527884 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.679915905 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.679997921 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.685491085 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.685537100 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.690449953 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.690524101 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.695446014 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.695511103 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.700314045 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.700906992 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.705739975 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.705785036 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.710823059 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.710874081 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.715682983 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.715742111 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.720561028 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.720607042 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.725682020 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.725727081 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.730531931 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.730581999 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.735420942 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.735467911 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.740401030 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.740447998 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.745255947 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.745305061 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.750206947 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.750262976 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.755069971 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.755129099 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.759969950 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.760018110 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.764863968 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.764916897 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.770638943 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.770701885 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.776278973 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.776340008 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.781999111 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.782084942 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.787596941 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.787692070 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.792520046 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.792610884 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.797691107 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.797802925 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.802689075 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.802758932 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.807586908 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.807668924 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.812508106 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.812578917 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.817399025 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.817478895 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.822370052 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.822432995 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.827734947 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.827817917 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.832664967 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.832731962 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.837599039 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.837687969 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.842611074 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.842674971 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.847556114 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.847637892 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.852477074 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.852560043 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.857379913 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.857490063 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.862340927 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.862425089 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.867275000 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.867353916 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.872209072 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.872298956 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.877132893 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.877209902 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.882065058 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.882144928 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.887005091 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.887082100 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.894901991 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.895021915 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.899849892 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.899935961 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.904757977 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.904833078 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.925499916 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.930412054 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.930557013 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.951232910 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.972873926 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.974397898 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:44.974529028 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:44.995259047 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.017252922 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.022136927 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.023415089 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.043322086 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.062443972 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.062567949 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.082736015 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.109745979 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.144947052 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.176358938 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.214260101 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.243397951 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.273561001 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.297848940 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.308984995 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309079885 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.309557915 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309568882 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309633970 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309734106 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309745073 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309746027 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.309746027 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.309748888 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309762001 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309853077 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309861898 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309875011 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309937000 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309990883 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.309999943 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.310010910 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.310024023 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.310072899 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.332535028 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.354882956 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.358397961 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.358493090 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.393695116 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.398479939 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.398612022 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.424959898 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.442358017 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.442554951 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.464904070 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.487215996 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.490417957 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.491799116 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.511730909 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.534390926 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.534425020 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.534538984 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.555942059 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.574913025 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.579859018 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.580327034 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.602060080 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.622420073 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.622598886 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.645323038 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.670450926 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.670613050 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.718594074 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.719235897 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.741672039 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.766160011 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.770457983 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.770690918 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.792056084 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.816916943 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.818428040 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.818690062 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.841898918 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.862471104 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:45.862842083 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.883061886 CET	50003	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:45.902287960 CET	31952	50003	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.907031059 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.912036896 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.912127972 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.912658930 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.917536974 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.917834044 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.922663927 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.922734022 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.927558899 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.927653074 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.932559013 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.932651043 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.937477112 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.937657118 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.942471027 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.942528009 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.947374105 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.947427988 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.952316046 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.952442884 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.957298040 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.957386017 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.962259054 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.962387085 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.967287064 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.967349052 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.972186089 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.972255945 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.977113008 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.977183104 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.982022047 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.982098103 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.987057924 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.987112999 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.991964102 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.992060900 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:49.996922970 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:49.996999025 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.003175020 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.003612995 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.008774996 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.008850098 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.013750076 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.013824940 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.018641949 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.018718004 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.023605108 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.023693085 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.028537035 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.028601885 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.033451080 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.034063101 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.038872957 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.038944006 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.043920040 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.044380903 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.049177885 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.049334049 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.054167986 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.054254055 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.059079885 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.059164047 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.064001083 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.064119101 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.068945885 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.069035053 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.074640036 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.074718952 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.079708099 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.079783916 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.085052967 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.085129023 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.089994907 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.090106010 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.094974041 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.095043898 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.099926949 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.100024939 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.104909897 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.105005026 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.109833956 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.109894037 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.114743948 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.114819050 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.119693995 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.119787931 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.124685049 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.124825001 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.129836082 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.129899025 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.134731054 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.134859085 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.139719963 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.139786959 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.144695997 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.144754887 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.149609089 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.149764061 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.154685974 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.158180952 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.163203955 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.182461023 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.187406063 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.187486887 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.192368984 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.192440033 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.197213888 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.197273970 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.202146053 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.202208042 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.207057953 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.207142115 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.212011099 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.212079048 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.217500925 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.217555046 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.224070072 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.224118948 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.229485035 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.229532957 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.235409021 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.235493898 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.240350962 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.240453959 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.245239973 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.245290995 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.250142097 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.250214100 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.255943060 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.256020069 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.261858940 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.261945963 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.267714024 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.267812967 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.273674011 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.273730993 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.278537989 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.278633118 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.283570051 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.283729076 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.288564920 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.288631916 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.293471098 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.293549061 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.298468113 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.299196959 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.304075003 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.304189920 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.309153080 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.309233904 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.314117908 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.314280033 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.319104910 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.319165945 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.323925018 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.323990107 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.328777075 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.328886986 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.333657980 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.333765030 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.338526964 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.338586092 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.343373060 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.344680071 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.364502907 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.364594936 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.388268948 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.393030882 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.393129110 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.393244982 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.397905111 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.397968054 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.422364950 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.427211046 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.427328110 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.450021029 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.470429897 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.470539093 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.494247913 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.518424988 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.520169973 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.548712015 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.566421986 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.566555977 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.591937065 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.614567041 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.614712000 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.636073112 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.658839941 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.662416935 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.662554026 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.684113979 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.706079960 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.706424952 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.708170891 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.729458094 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.751441002 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.754419088 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.754702091 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.777528048 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.798521996 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.798729897 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.828917980 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.846565008 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.846827984 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.880680084 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.885516882 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.885637045 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.909691095 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.914557934 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.914693117 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.939106941 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.958441019 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:50.958578110 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:50.979048014 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.000572920 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.005530119 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.005690098 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.037554026 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.042365074 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.042479038 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.064840078 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.086122036 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.086585045 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.086678028 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.106580973 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.129089117 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.133965969 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.134115934 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.156347036 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.174463987 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.174587965 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.200335979 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.222445011 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.222606897 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.261374950 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.266284943 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.266417980 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.310473919 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.312103033 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.355786085 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.358408928 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.358510017 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.379419088 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.398128033 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.403157949 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.403306007 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.422837973 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.450462103 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.450592995 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.498394012 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:51.498512030 CET	50004	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:51.523627043 CET	31952	50004	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.598551989 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.603547096 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.605981112 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.606473923 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.611372948 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.611551046 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.617407084 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.617563009 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.622396946 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.622505903 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.627433062 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.627554893 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.632453918 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.632642031 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.637552977 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.637758970 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.642662048 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.642905951 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.647753954 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.647943020 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.652869940 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.653007984 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.657876015 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.658000946 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.662934065 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.663058043 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.667941093 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.668100119 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.673034906 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.673155069 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.677977085 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.678180933 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.683063030 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.683298111 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.688384056 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.688529968 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.693393946 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.693543911 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.698419094 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.698494911 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.703319073 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.703440905 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.708326101 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.708497047 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.713500023 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.713628054 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.718874931 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.719077110 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.724812031 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.725171089 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.730710983 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.730837107 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.736490011 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.736601114 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.741450071 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.741545916 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.746371031 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.746474981 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.751318932 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.751401901 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.756243944 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.756385088 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.761221886 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.761298895 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.766213894 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.766385078 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.771222115 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.771342993 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.776154041 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.776281118 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.781095028 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.781194925 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.785986900 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.786214113 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.791055918 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.791178942 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.796010971 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.796089888 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.800899982 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.801029921 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.806679964 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.806782961 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.811666965 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.811988115 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.816844940 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.816926003 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.821752071 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.821841002 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.826698065 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.826780081 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.831645966 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.831775904 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.836595058 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.836750031 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.844142914 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.844274998 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.849606037 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.849870920 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.857779026 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.857942104 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.863334894 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.863464117 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.868355036 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.868418932 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.873266935 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.873385906 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.878180981 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.878473997 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.884248018 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.884346008 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.889117956 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.889302969 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.894121885 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.894241095 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.899013042 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.899123907 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.903951883 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.904066086 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.909164906 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.909298897 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.914382935 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.914649010 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.919523001 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.919872046 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.924700975 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.924942970 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.929817915 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.929956913 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.934798002 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.934922934 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.939723015 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.939872980 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.944700003 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.944802999 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.949698925 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.949832916 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.954680920 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.954823971 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.959645987 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.960190058 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.984066963 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:55.988938093 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:55.989094973 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.010886908 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.034087896 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.034339905 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.034461975 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.056068897 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.082411051 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.082452059 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.082593918 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.101851940 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.120973110 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.125746012 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.125941038 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.146678925 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.170504093 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.170782089 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.194695950 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.212059975 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.216866016 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.217114925 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.239428997 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.258466005 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.258605003 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.282110929 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.306521893 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.306663036 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.329601049 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.354398966 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.354449034 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.354599953 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.383080006 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.405695915 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.406464100 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.406608105 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.437925100 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.442780018 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.442898035 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.475723982 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.480591059 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.480674028 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.522414923 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.522517920 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.570463896 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.570550919 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.613343000 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.618282080 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.618422985 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.643625021 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.662395000 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.662508965 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.697186947 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.702003002 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.702164888 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.742356062 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.742682934 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.772375107 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.790467978 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.790575981 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.814630985 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.839112043 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.864723921 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.886967897 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.913892031 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:56.999159098 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:56.999294996 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:57.042584896 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:57.043395996 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:57.090482950 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:57.138801098 CET	50005	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:02:57.186433077 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:02:57.231578112 CET	31952	50005	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.234788895 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.240036964 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.240123034 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.240883112 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.245755911 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.245825052 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.250701904 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.250761986 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.255666018 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.255804062 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.260675907 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.260763884 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.265556097 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.265630960 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.270390987 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.270447969 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.275254011 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.275333881 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.280201912 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.306487083 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.311336040 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.311389923 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.316184998 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.316247940 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.321026087 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.321079016 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.325833082 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.325908899 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.330725908 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.330796003 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.335608006 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.335692883 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.340486050 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.340570927 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.345413923 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.345472097 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.366657972 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.366728067 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.391877890 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.396740913 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.396852970 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.396853924 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.402019024 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.402086973 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.409126997 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.409185886 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.414144993 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.414212942 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.419075012 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.419135094 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.424092054 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.424173117 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.429040909 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.429101944 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.433983088 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.434047937 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.438868046 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.438930988 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.443789959 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.443841934 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.448704004 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.448755980 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.453583956 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.453640938 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.458900928 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.458951950 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.464015961 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.464072943 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.468868017 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.468943119 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.473733902 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.473812103 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.478622913 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.478679895 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.483483076 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.483551979 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.488331079 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.488385916 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.493177891 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.493259907 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.498089075 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.498146057 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.503006935 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.503067970 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.507884026 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.507940054 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.512784004 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.512993097 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.517857075 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.517908096 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.522708893 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.522795916 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.535569906 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.535641909 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.542712927 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.542788029 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.550024033 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.550093889 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.555053949 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.555123091 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.560015917 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.560108900 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.564923048 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.564989090 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.569813967 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.569869041 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.574645996 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.574711084 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.579536915 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.579611063 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.584400892 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.584500074 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.589361906 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.589420080 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.594274998 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.594355106 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.599186897 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.599251032 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.604115009 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.604269981 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.609289885 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.609445095 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.650209904 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.655200005 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.655325890 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.680110931 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.698400021 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.698489904 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.721127987 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.743485928 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.750344992 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.750490904 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.775069952 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.781196117 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.781285048 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.806394100 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.812680960 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.812815905 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.837486029 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.846153975 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.846247911 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.874795914 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.879611015 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.879789114 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.902118921 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.926373005 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.926476955 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.948240042 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.973007917 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:01.974447012 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:01.974579096 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.002207994 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.007093906 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.007224083 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.032608032 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.050403118 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.050487995 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.073818922 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.095271111 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.100066900 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.104228973 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.130017042 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.134864092 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.134968042 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.160629034 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.178402901 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.178492069 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.226447105 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.226557016 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.274513006 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.274621010 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.322455883 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.326208115 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.378422022 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.691230059 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.696114063 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.718662977 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.725248098 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.725420952 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.732145071 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.732229948 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.738725901 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.738791943 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.745330095 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.745390892 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.751776934 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.751983881 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.756854057 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.756943941 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.761786938 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.761904001 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.766773939 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.766959906 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.775752068 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.775876999 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.782388926 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.782481909 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.789136887 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.789917946 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.795550108 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.795656919 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.800604105 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.800797939 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.805694103 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.805778980 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.810583115 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:02.810645103 CET	50006	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:02.831929922 CET	31952	50006	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.844074965 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.848939896 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.849037886 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.850585938 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.855415106 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.855465889 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.860224962 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.860488892 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.865253925 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.865320921 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.870101929 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.870151997 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.874921083 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.874998093 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.879781961 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.879971981 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.884830952 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.884893894 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.889693022 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.889750004 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.894643068 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.894834995 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.899796963 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.899848938 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.904659033 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.904715061 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.909549952 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.909632921 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.914412022 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.914472103 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.919311047 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.919363976 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.924175978 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.924242020 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.929075003 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.929125071 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.933907986 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.933985949 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.938770056 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.938831091 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.943634987 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.943726063 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.948508978 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.948581934 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.953382969 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.953625917 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.958468914 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.958539009 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.963349104 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.963875055 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.968677998 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.968749046 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.973618031 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.973675013 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.978543997 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.978610992 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.983472109 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.983531952 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.988399982 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.988517046 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.993344069 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.994659901 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:06.999511003 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:06.999658108 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.004488945 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.004614115 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.009452105 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.009521008 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.014381886 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.014501095 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.019345999 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.019391060 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.024182081 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.024257898 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.029021978 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.029119968 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.033936024 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.034008026 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.038810015 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.038877010 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.043677092 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.043741941 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.048870087 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.048954010 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.053725958 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.053806067 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.058574915 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.058723927 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.063611984 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.063672066 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.068466902 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.068542004 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.073326111 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.073415041 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.078223944 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.078288078 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.083134890 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.083256006 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.088043928 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.088219881 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.093009949 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.093096972 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.097964048 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.098053932 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.102925062 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.103066921 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.108031988 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.108122110 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.112987995 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.113059998 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.117887020 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.117954969 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.122771978 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.122844934 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.128298044 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.128385067 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.133647919 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.133744001 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.138993979 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.139072895 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.144727945 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.144809008 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.151118040 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.151235104 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.156909943 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.156987906 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.162456036 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.162530899 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.167347908 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.167424917 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.172281981 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.172353983 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.177195072 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.177272081 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.182090044 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.182166100 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.187026024 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.187100887 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.191955090 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.194087029 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.198894024 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.198986053 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.203814983 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.203965902 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.208781004 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.208852053 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.213767052 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.213859081 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.218866110 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.218931913 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.223824024 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.223891973 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.228709936 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.228785992 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.233608961 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.234469891 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.240282059 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.240360022 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.245937109 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.246023893 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.270884037 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.275777102 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.275897980 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.298090935 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.321759939 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.322416067 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.322501898 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.346574068 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.370408058 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.370538950 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.393563032 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.416234016 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.418407917 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.418530941 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.441801071 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.465452909 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.466391087 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.466567039 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.518467903 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.518568993 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.564390898 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.569262028 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.569405079 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.605564117 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.610765934 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.610838890 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.644366980 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.649285078 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.649357080 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.682048082 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.686882973 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.686949968 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.718715906 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.723579884 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.723655939 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.755330086 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.760272980 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.760418892 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.790169954 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.795066118 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.795202971 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.838430882 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.838506937 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.886471033 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.886550903 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.934406996 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.934490919 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.962086916 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.982244968 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:07.982446909 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:07.984137058 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.005848885 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.030531883 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.030643940 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.066690922 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.071549892 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.071671963 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.112381935 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.114378929 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.114443064 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.140726089 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.158397913 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.158576965 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.206479073 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.206557035 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.258457899 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.258569956 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.278228045 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.306435108 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.306572914 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.334506035 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.358504057 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.358618975 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.387630939 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.406476974 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.406686068 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.431566954 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.454422951 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.454571962 CET	50008	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:08.461103916 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:08.461360931 CET	31952	50008	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:12.468940973 CET	50009	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:12.474000931 CET	31952	50009	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:12.474081993 CET	50009	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.484750032 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.489711046 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.489799976 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.490344048 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.495138884 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.495218992 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.500050068 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.500130892 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.504959106 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.505034924 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.509867907 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.509932041 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.514816999 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.515124083 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.519979954 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.520064116 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.524912119 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.525017023 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.529961109 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.530085087 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.534935951 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.535032034 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.539875031 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.542195082 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.547089100 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.549815893 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.554742098 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.555514097 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.560379028 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.560560942 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.565368891 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.565483093 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.570267916 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.570348978 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.575212002 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.575294971 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.580116034 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.581960917 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.586793900 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.586883068 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.591674089 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.591752052 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.596596003 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.596743107 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.601555109 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.601706028 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.606547117 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.606617928 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.611530066 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.611617088 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.616419077 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.616488934 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.621309042 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.621445894 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.626254082 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.628268957 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.633091927 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.634463072 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.639328957 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.639692068 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.644526005 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.644697905 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.649513960 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.649928093 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.654810905 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.654901028 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.659780025 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.659883976 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.665112972 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.665193081 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.670008898 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.670186043 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.675015926 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.675096989 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.679904938 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.679981947 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.684773922 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.684850931 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.689678907 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.689821959 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.694626093 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.694814920 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.699754953 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.699843884 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.704690933 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.704773903 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.709645033 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.709784031 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.714886904 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.714981079 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.719842911 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.720021963 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.725212097 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.725306034 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.730123997 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.730262995 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.735066891 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.735198975 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.739999056 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.740283966 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.745148897 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.745237112 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.750111103 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.750201941 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.755028963 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.755204916 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.760008097 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.760094881 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.764950037 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.765049934 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.769936085 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.770057917 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.774872065 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.776637077 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.781512976 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.792243958 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.797219038 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.797332048 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.802170038 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.802258015 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.807080030 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.807168961 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.812037945 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.812659979 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.817501068 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.817641020 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.823096037 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.823239088 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.828242064 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.828326941 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.833286047 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.833481073 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.838366032 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.838643074 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.843528986 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.843666077 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.848464012 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.850567102 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.855638027 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.855731964 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.860761881 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.860869884 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.865761995 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.865952969 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.870937109 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.871098995 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.876003027 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.876143932 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.881064892 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.881140947 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.885983944 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.886157990 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.890964985 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.891043901 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.895848989 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.895982981 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.900785923 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.900949001 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.905731916 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.905833006 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.910821915 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.910933971 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.915743113 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.915899038 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.920701981 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.920981884 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.950355053 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.955236912 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.955384016 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.983704090 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:16.988677025 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:16.988759041 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.017549038 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.022408009 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.022510052 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.047544956 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.070127010 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.070429087 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.070744038 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.098982096 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.118412018 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.122843981 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.151325941 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.170445919 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.170761108 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.196096897 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.213303089 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.218179941 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.218415976 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.244100094 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.249057055 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.249177933 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.271338940 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.290353060 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.290503979 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.312777996 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.338373899 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.338418007 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.338531017 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.364095926 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.382443905 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.386336088 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.386497021 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.408272028 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.430350065 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.430543900 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.462435961 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.467279911 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.467462063 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.490396976 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.510468006 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.510636091 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.546442986 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.551320076 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.551422119 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.586752892 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.591519117 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.591605902 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.621407032 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.626333952 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.626413107 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.653959036 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.658793926 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.658875942 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.695399046 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.700207949 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.700290918 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.742364883 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.742434978 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.790497065 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.790642023 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.838391066 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.838473082 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.890470982 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.890556097 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.938452959 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.938534975 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.957600117 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.982628107 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:17.986380100 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:17.986515999 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:18.030507088 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:18.030675888 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:18.078515053 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:18.078676939 CET	50010	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:18.082691908 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:18.083551884 CET	31952	50010	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.094265938 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.099086046 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.099165916 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.099812031 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.104615927 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.104696035 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.109601021 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.109653950 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.114505053 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.114715099 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.119493008 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.119551897 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.124367952 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.124449015 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.129236937 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.129302025 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.134069920 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.134140015 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.138920069 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.138978004 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.143795013 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.143853903 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.148588896 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.148646116 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.153409958 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.153470039 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.158279896 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.158339977 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.163340092 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.163404942 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.168226957 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.168298006 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.173130989 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.173197031 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.177961111 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.178024054 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.182876110 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.182934999 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.187788010 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.187858105 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.192727089 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.192786932 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.197635889 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.197717905 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.202622890 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.202687025 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.207595110 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.207690954 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.212539911 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.212639093 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.217461109 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.217585087 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.222419977 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.222479105 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.227371931 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.227443933 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.232355118 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.232426882 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.237314939 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.237396002 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.242254019 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.242353916 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.247174978 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.247235060 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.252039909 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.252238989 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.257405996 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.257466078 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.263125896 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.263231039 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.268655062 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.268717051 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.273622990 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.273736954 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.278717995 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.278806925 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.283699989 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.283768892 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.288554907 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.288625956 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.293471098 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.293529987 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.298418999 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.298505068 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.303366899 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.303426027 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.308290005 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.308360100 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.313239098 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.313318014 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.318109035 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.318201065 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.323069096 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.323144913 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.327961922 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.328042984 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.332890987 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.332962990 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.337780952 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.337857962 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.342703104 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.342756987 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.364248037 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.364361048 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.393558025 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.398380995 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.398495913 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.398519993 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.403278112 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.403348923 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.408214092 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.408267021 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.413052082 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.413105011 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.417884111 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.417943954 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.422750950 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.422816038 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.427647114 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.427707911 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.432873011 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.432921886 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.437745094 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.437796116 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.442589045 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.442756891 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.448328972 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.448421001 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.454345942 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.454411030 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.459319115 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.459378958 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.464235067 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.464344025 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.509947062 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.510489941 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.514949083 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.515022039 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.540364981 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.566015959 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.566405058 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.566503048 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.591665983 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.614398003 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.614552975 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.648097992 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.652930021 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.653100967 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.681759119 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.686532021 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.686780930 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.730556011 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.730650902 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.756100893 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.774122000 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.778346062 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.778466940 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.798125029 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.819346905 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.822377920 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.822513103 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.846123934 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.864105940 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.866343975 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.866503954 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.888091087 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.912101030 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.914362907 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.914541960 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.935970068 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.958445072 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:22.958791971 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:22.979468107 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.002140045 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.006365061 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.006603003 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.028119087 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.052097082 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.054316998 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.054548979 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.080622911 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.102616072 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.102670908 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.102849007 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.124094963 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.148111105 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.150702953 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.151014090 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.171658993 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.195137024 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.195188046 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.195396900 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.216073990 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.238131046 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.242352962 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.242465019 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.265893936 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.286341906 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.286639929 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.310132980 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.331824064 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.334373951 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.334496021 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.357477903 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.378017902 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.378350019 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.400388002 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.426337004 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.426476002 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.451111078 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.472096920 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.474349976 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.474478960 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.496099949 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.520160913 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.522355080 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.522488117 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.546305895 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.566349983 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.566509962 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.589119911 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.612426996 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.614384890 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.614494085 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.639431953 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.662379980 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:23.662570000 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.686564922 CET	50011	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:23.695888042 CET	31952	50011	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.703916073 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.708748102 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.708822012 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.709372997 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.714179993 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.714238882 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.719130039 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.719197989 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.724087000 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.724159956 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.729100943 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.729173899 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.733973026 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.734049082 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.738872051 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.738925934 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.743649960 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.743705034 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.748543978 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.748591900 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.753674030 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.753730059 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.758481979 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.758533955 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.763293982 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.763351917 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.768318892 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.768387079 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.773221016 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.773282051 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.778078079 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.778126955 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.782911062 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.782968998 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.788348913 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.788408041 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.793236971 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.793282032 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.798145056 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.798194885 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.803082943 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.803133011 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.808024883 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.808079004 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.812926054 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.813060045 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.818032980 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.818120956 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.822869062 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.822920084 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.827688932 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.827739954 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.832516909 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.832567930 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.837760925 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.837814093 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.843060017 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.843110085 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.848031998 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.848140001 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.852948904 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.852997065 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.857981920 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.858031034 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.863141060 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.863207102 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.868134022 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.868191004 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.873044968 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.873096943 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.878010035 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.878056049 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.882900953 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.882941008 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.887845993 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.887898922 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.892779112 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.892832041 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.897733927 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.897814035 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.902751923 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.902815104 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.907663107 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.907723904 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.913393021 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.913450003 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.918346882 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.918412924 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.924103022 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.924186945 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.931355000 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.931432009 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.936429977 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.936491013 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.942080975 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.942152023 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.947089911 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.947155952 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.952022076 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.952100992 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.957515001 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.957573891 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.962488890 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.962554932 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.967359066 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.967421055 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.972573996 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.972635031 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.977449894 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.977761984 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.982584953 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.982675076 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.987884045 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.987941027 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.992789984 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.992857933 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:27.998125076 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:27.998184919 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.003129959 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.003221989 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.008093119 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.008147001 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.012969971 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.013031960 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.017822027 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.017935038 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.022846937 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.022896051 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.027724028 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.027777910 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.032812119 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.032865047 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.038691998 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.038749933 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.043710947 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.043770075 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.048608065 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.048671961 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.053515911 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.053605080 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.058407068 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.058473110 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.063651085 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.063704967 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.068634987 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.068706989 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.073522091 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.073586941 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.078437090 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.078500032 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.083369970 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.083435059 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.088232994 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.088359118 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.093406916 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.093492985 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.098473072 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.098598957 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.103456974 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.103535891 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.108390093 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.108573914 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.113794088 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.113873959 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.118689060 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.118949890 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.123821020 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.123910904 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.128705025 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.128772974 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.135780096 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.135854959 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.140750885 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.140826941 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.145714045 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.145885944 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.151396990 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.151467085 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.156375885 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.156552076 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.181849957 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.186707973 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.186870098 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.212264061 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.230581045 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.230767965 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.261904001 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.266716957 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.266972065 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.287988901 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.308604002 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.310702085 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.310880899 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.330001116 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.350656033 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.354367018 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.354510069 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.381304979 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.402393103 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.402508020 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.431113958 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.454412937 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.454566002 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.483059883 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.506498098 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.506704092 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.532211065 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.554142952 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.554358959 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.554609060 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.574927092 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.602433920 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.602621078 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.624115944 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.645322084 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.650276899 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.650439978 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.672723055 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.694691896 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.694864988 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.719577074 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.743036032 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.743778944 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.743935108 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.767102957 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.789560080 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.791537046 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.792288065 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.814558983 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.839550018 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.840121984 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.840970993 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.864089012 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.883687019 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.889961004 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.890108109 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.916109085 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.920934916 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.921646118 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.950850964 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.955836058 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.956072092 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.980906010 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:28.998564959 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:28.998955965 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.021924019 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.044827938 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.046323061 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:29.046418905 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.070398092 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.090358019 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:29.090503931 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.116096973 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.138370991 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:29.138411045 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.139336109 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.161025047 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.184113026 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.187411070 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:29.188230038 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.210151911 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.230487108 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:29.230684996 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.252100945 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.278441906 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:29.278485060 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.278671980 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.298418045 CET	50012	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:29.323416948 CET	31952	50012	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.328397036 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.333266973 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.333549976 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.334261894 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.339106083 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.339524031 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.344321966 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.344422102 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.349194050 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.349433899 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.354244947 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.354346037 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.359155893 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.359342098 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.364130020 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.364309072 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.369113922 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.369256020 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.374083042 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.374135017 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.378927946 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.379012108 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.383850098 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.384094000 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.388906956 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.389424086 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.394239902 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.394576073 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.399353981 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.399420977 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.404213905 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.404578924 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.409353971 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.409449100 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.414262056 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.416120052 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.420958042 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.421442986 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.426376104 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.426758051 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.431524038 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.431665897 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.436497927 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.437452078 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.442331076 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.442532063 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.447364092 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.447552919 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.452366114 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.452579975 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.457427979 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.457525015 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.462425947 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.462508917 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.467401028 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.467551947 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.472393990 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.472620010 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.477453947 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.477691889 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.482501984 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.482628107 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.487448931 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.487514973 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.492383957 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.492489100 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.497308969 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.497632980 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.502402067 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.502466917 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.507915020 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.507988930 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.512881041 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.513040066 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.517870903 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.517946959 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.522795916 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.523334980 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.528141975 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.528263092 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.533148050 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.533350945 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.538177967 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.538252115 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.543025970 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.543086052 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.547946930 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.548290014 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.553127050 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.553195000 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.558017015 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.558423042 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.563205957 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.563261986 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.568103075 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.568166971 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.573048115 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.573137045 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.577986956 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.578063011 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.582922935 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.583338976 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.588186979 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.589071035 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.594386101 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.594454050 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.599257946 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.599318981 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.604160070 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.604249954 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.609050035 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.609112978 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.613945007 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.614414930 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.619216919 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.619283915 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.624103069 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.624571085 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.629350901 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.630436897 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.635215998 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.635307074 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.640079975 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.640646935 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.645436049 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.645494938 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.650325060 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.650496006 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.655513048 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.655798912 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.661478996 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.661577940 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.666517973 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.666743994 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.671530008 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.671629906 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.676570892 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.676639080 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.681433916 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.681653976 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.686491966 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.686731100 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.691556931 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.691606045 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.696429014 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.696643114 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.701481104 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.701539040 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.706469059 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.706535101 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.747906923 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.752675056 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.752809048 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.791677952 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.794378996 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.794439077 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.828686953 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.833494902 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.833692074 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.867214918 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.872054100 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.872133017 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.902018070 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.906882048 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.906963110 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.933826923 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.938700914 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.938828945 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.968105078 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.972968102 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:33.973053932 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:33.996053934 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.014419079 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.015064955 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.038048983 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.060077906 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.062366009 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.062565088 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.085526943 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.110095978 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.137217045 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.157375097 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.176712036 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.196491003 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.216588974 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.235965967 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.253444910 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.272403955 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.287381887 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.287491083 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.288711071 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.288722992 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.288820028 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.288870096 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289210081 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289225101 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289238930 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289252043 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289295912 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.289396048 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289412975 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289427996 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289441109 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289534092 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289546013 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289555073 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289566040 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.289591074 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.311019897 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.330399036 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.330703974 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.353377104 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.377711058 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.378372908 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.379694939 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.402529955 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.426367044 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.426769972 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.472336054 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.474399090 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.474642992 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.501142025 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.518359900 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.518506050 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.548285961 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.566329002 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.566436052 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.596178055 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.614337921 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.614465952 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.634613991 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.660703897 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.662355900 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.662452936 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.683954954 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.706398010 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.706934929 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.728379011 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.749708891 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.754332066 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.756215096 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.789499044 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.794380903 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.796236992 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.815819979 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.836468935 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.841298103 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.844283104 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.864794970 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.882379055 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.888207912 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.909671068 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.929683924 CET	50013	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:34.930902004 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.934509039 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:34.934578896 CET	31952	50013	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.940179110 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.945012093 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.948250055 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.949094057 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.954027891 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.954579115 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.959381104 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.959609032 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.964432001 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.964621067 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.969439030 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.969592094 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.974625111 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.975150108 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.979999065 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.980320930 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.985382080 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.985454082 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.990601063 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.990921021 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:38.995800018 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:38.995981932 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.001140118 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.001342058 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.006191015 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.006283045 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.011168003 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.011303902 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.016182899 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.016417980 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.021275043 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.024211884 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.029136896 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.029361010 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.034208059 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.034856081 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.039685965 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.042382956 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.047230005 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.047343016 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.052165031 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.052395105 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.057241917 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.057322025 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.062197924 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.062422037 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.067223072 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.067473888 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.072443008 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.072679043 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.077450991 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.077660084 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.082473040 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.082567930 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.087354898 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.087498903 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.092314959 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.092546940 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.097305059 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.097457886 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.102240086 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.102375031 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.107187986 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.107465982 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.112365007 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.112629890 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.117433071 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.117564917 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.122416973 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.122643948 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.127418995 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.127578974 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.132419109 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.132586002 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.137490034 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.137590885 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.142545938 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.146622896 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.168118000 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.172987938 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.173079014 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.173408031 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.178278923 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.178414106 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.183428049 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.184214115 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.189033985 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.192231894 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.197046995 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.199259043 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.204134941 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.204431057 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.209287882 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.212224960 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.217103004 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.220314026 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.225167990 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.228190899 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.233144999 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.236243963 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.241157055 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.243918896 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.248764992 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.252332926 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.257239103 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.260377884 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.265338898 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.265443087 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.270266056 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.272583008 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.277873039 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.277972937 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.282752037 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.284919024 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.289735079 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.290683031 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.295505047 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.296268940 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.301080942 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.302237034 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.307101965 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.307219982 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.332743883 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.337522030 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.338392973 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.368119955 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.373845100 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.374011993 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.398159027 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.403023958 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.404181004 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.427118063 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.445311069 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.450282097 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.456336021 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.480109930 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.485040903 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.485187054 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.511324883 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.516269922 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.520268917 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.543998957 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.549350977 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.556102991 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.581366062 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.586447954 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.586563110 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.630407095 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.630816936 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.659250975 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.678361893 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.678512096 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.704673052 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.726373911 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.726506948 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.752926111 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.774372101 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.774494886 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.798358917 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.822432041 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.822570086 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.849104881 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.870413065 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.870542049 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.902359009 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.907280922 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.907391071 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.946697950 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.950398922 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.950498104 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:39.994405985 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:39.994512081 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.029356956 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.034271955 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.034380913 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.058725119 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.082314968 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.082402945 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.105546951 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.126909971 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.131525993 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.131629944 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.154211044 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.174359083 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.174580097 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.204421043 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.222382069 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.222489119 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.262420893 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.267374039 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.267478943 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.313755035 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.357341051 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.379641056 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.402513981 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.424710989 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.444906950 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.465070009 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.485487938 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.505501986 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.517020941 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.517163038 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.519798994 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.519911051 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.538975954 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.558463097 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.562407970 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:40.567979097 CET	50014	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:40.575553894 CET	31952	50014	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:44.594989061 CET	50017	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:44.599782944 CET	31952	50017	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:44.600148916 CET	50017	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:44.601136923 CET	50017	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:44.606002092 CET	31952	50017	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:44.606098890 CET	50017	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.632114887 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.637012959 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.637144089 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.640116930 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.644884109 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.652682066 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.657535076 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.657610893 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.662415028 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.662503958 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.667355061 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.667458057 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.672275066 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.672482014 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.677299976 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.677403927 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.682307005 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.682387114 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.687225103 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.692162991 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.697014093 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.697118044 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.701920986 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.702023983 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.706803083 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.706928015 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.711721897 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.711822033 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.716609955 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.716860056 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.721658945 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.721822023 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.726577044 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.726794958 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.731530905 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.731673956 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.736447096 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.740847111 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.745702982 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.745765924 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.750567913 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.750643969 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.755429983 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.755491972 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.760288000 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.761213064 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.766043901 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.766107082 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.770854950 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.770922899 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.775753021 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.775883913 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.780647993 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.780709982 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.785506964 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.785563946 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.790426970 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.790604115 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.795392036 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.795471907 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.800285101 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.804115057 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.808933973 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.809039116 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.813822985 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.813950062 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.818708897 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.818783045 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.823575974 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.823664904 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.828506947 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.828645945 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.833409071 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.833484888 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.838293076 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.840221882 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.844985962 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.845105886 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.849868059 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.850373983 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.855166912 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.859160900 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.864084005 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.866677046 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.871547937 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.874736071 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.879614115 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.882606030 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.887559891 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.891112089 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.911892891 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.916719913 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.916834116 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.916944981 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.921758890 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.921833992 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.926673889 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.926755905 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.931617022 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.931704044 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.936578989 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.936656952 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.941451073 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.941593885 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.946394920 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.946480036 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.951286077 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.951395035 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.956357002 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.956717014 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.961565018 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.961654902 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.966496944 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.966614962 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.971455097 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.974303007 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.979173899 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.979254007 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.984091043 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.984168053 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.989002943 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.989126921 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:48.994044065 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:48.994312048 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.015698910 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.020545006 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.022876978 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.044117928 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.062329054 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.062438011 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.084116936 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.103476048 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.108289003 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.108423948 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.128348112 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.148839951 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.150315046 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.150475025 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.174731016 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.194370031 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.194602013 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.220144987 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.242552042 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.246340036 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.246507883 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.268155098 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.289817095 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.294336081 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.294550896 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.339390993 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.342384100 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.342519045 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.372678041 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.377573013 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.377736092 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.405880928 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.410762072 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.410888910 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.433830976 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.454381943 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.454507113 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.476391077 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.503194094 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.506376028 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.512239933 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.536520004 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.541394949 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.541552067 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.564161062 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.582405090 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.582561970 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.614624977 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.619559050 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.619774103 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.662350893 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.662946939 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.683815002 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.706792116 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.710378885 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.710609913 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.734065056 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.754393101 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.754582882 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.775712013 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.797238111 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.802119970 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.802318096 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.825686932 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.830523968 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.830693960 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.853004932 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.876257896 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.878357887 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.878509998 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.900849104 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.922382116 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.922525883 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.953532934 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.958405018 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:49.958534956 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:49.980000973 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.006328106 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:50.006534100 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.041214943 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.046112061 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:50.046246052 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.082472086 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.086329937 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:50.086410999 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.123130083 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.128072023 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:50.128201008 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.154488087 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.159365892 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:50.159493923 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.183701038 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.206337929 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:50.206518888 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.229564905 CET	50018	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:50.243292093 CET	31952	50018	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.259008884 CET	50019	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.260138035 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.263823032 CET	31952	50019	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.264184952 CET	50019	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.264921904 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.264983892 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.265903950 CET	50019	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.266705990 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.271473885 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.271531105 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.276484966 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.276550055 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.281363010 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.281415939 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.286269903 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.286346912 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.291125059 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.291201115 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.295986891 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.296051025 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.300808907 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.300879955 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.305723906 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.305830956 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.310580969 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.310631990 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.315416098 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.315464973 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.320321083 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.320368052 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.325206995 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.325263023 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.330019951 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.330130100 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.334923029 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.334975004 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.339766026 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.339814901 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.344584942 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.344644070 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.349445105 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.349500895 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.354259014 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.354314089 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.375241041 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.375303030 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.404375076 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.404375076 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.409295082 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.409379005 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.409393072 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.415654898 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.415724993 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.420584917 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.420698881 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.425497055 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.425573111 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.430425882 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.430490017 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.435271025 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.435342073 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.440126896 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.440262079 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.445049047 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.445262909 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.450043917 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.450105906 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.457633018 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.457686901 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.462460041 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.462518930 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.468749046 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.468797922 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.474147081 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.474248886 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.480074883 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.480156898 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.485460997 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.485521078 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.490848064 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.490899086 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.495707035 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.495779991 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.500559092 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.500612974 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.505923033 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.506196976 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.512130976 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.512198925 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.516990900 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.517045021 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.521869898 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.521960974 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.528285980 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.528361082 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.533898115 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.533984900 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.539630890 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.539697886 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.545665026 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.545768023 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.551368952 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.551465988 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.557033062 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.557097912 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.564590931 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.564673901 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.570310116 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.570383072 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.575862885 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.575944901 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.581648111 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.581724882 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.587310076 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.592220068 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.597820997 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.600331068 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.605742931 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.605878115 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.610754013 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.612148046 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.617026091 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.618144989 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.622970104 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.624351025 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.629230976 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.632270098 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.637135029 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.637296915 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.642157078 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.644510031 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.665122986 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.669900894 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.670106888 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.690778017 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.710328102 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.712146997 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.736125946 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.754760981 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.758337021 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.758896112 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.782176971 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.801088095 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.802321911 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.802849054 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.824501991 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.848165989 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.850833893 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.851478100 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.873658895 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.895823956 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.896011114 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.918849945 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.942420959 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.942586899 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.967494965 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:54.991385937 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:54.991535902 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.016134024 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.036076069 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.040132046 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.040401936 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.068135023 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.072966099 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.073168993 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.099953890 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.104903936 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.105068922 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.128766060 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.146415949 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.146579981 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.172137022 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.191662073 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.196158886 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.196283102 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.218480110 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.239569902 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.240133047 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.240341902 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.266094923 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.287833929 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.288043022 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.312153101 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.332137108 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.336138010 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.336359024 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.357867002 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.378335953 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.378495932 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.400711060 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.422254086 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.427073002 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.427225113 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.448307991 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.472134113 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.472155094 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.472239971 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.496898890 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.520143986 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.522701979 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.522838116 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.543903112 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.568135977 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.568485975 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.568631887 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.594602108 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.614433050 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.614557981 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.662364006 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.662446022 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.712187052 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.712260008 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.758621931 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.758696079 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.806652069 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.806751013 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.838154078 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.843215942 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.843354940 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.863778114 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.883256912 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.886327028 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:55.886434078 CET	50020	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:55.914820910 CET	31952	50020	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.922643900 CET	50021	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.923557043 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.927433014 CET	31952	50021	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.927489996 CET	50021	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.928332090 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.928445101 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.929357052 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.934153080 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.934585094 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.939389944 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.939452887 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.944233894 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.944396973 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.949280977 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.949353933 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.954253912 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.954392910 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.959383965 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.959476948 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.964334011 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.964412928 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.969263077 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.969549894 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.974350929 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.974402905 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.979213953 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.979270935 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.984023094 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.984071970 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.988867998 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.988917112 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.993695021 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.993752003 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:03:59.998533964 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:03:59.998579979 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.003390074 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.003513098 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.008271933 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.008407116 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.013360023 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.013438940 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.018261909 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.018348932 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.023154974 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.023246050 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.028022051 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.028081894 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.032896042 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.032951117 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.037727118 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.037798882 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.042589903 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.042654037 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.047451973 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.047715902 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.052799940 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.052856922 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.057646990 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.057701111 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.062474966 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.062541962 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.067440987 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.067526102 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.072324991 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.072401047 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.077270985 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.077330112 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.082257032 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.082344055 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.087126017 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.087182999 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.091979980 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.092096090 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.096883059 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.096946001 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.101715088 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.101764917 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.106585026 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.106640100 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.111442089 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.111505032 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.116317987 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.116496086 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.121284008 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.121362925 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.126982927 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.127046108 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.131825924 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.131907940 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.136742115 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.136801004 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.141731024 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.141789913 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.146663904 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.146730900 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.151559114 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.151611090 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.156409979 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.156476021 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.161288023 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.161339998 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.166960955 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.167041063 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.171910048 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.171977043 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.176822901 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.176919937 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.181790113 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.181859970 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.186671019 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.186738014 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.191523075 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.191991091 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.196894884 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.197099924 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.201914072 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.201977015 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.206779003 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.206873894 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.211699009 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.211750984 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.216641903 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.216711044 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.221524000 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.221581936 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.226411104 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.226463079 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.231411934 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.231470108 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.236368895 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.236531019 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.241427898 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.241482973 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.246402979 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.246467113 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.251322985 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.251497030 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.256342888 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.256490946 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.261342049 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.261447906 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.266526937 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.266622066 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.272496939 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.272555113 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.277425051 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.277489901 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.282398939 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.282588959 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.287404060 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.287467003 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.292283058 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.292363882 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.297211885 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.297286987 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.302649975 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.302733898 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.307549953 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.307614088 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.312488079 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.312546968 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.317363977 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.317457914 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.323033094 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.323103905 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.328007936 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.328093052 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.332922935 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.333014011 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.337804079 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.337920904 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.342742920 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.342806101 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.347693920 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.347779036 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.352617979 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.352682114 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.375459909 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.375540972 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.402587891 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.407457113 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.407552958 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.407582998 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.412411928 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.412473917 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.417337894 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.417409897 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.422274113 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.422406912 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.427248001 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.428185940 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.432976007 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.433038950 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.437886000 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.438030005 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.442867994 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.442962885 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.447799921 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.447895050 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.452727079 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.452804089 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.457667112 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.457726955 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.462538958 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.462594032 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.467508078 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.467586994 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.496948957 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.501808882 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.501903057 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.531768084 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.536700010 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.536823988 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.571569920 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.576461077 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.576556921 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.607866049 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.612705946 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.612883091 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.638947964 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.643852949 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.643970013 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.671011925 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.675834894 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.675997019 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.702575922 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.707472086 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.707611084 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.734564066 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.739480972 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.739645958 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.766258955 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.771100998 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.771708012 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.796147108 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.818397999 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.818556070 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.842977047 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.866379023 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.866589069 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.890711069 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.914400101 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.914447069 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.938726902 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.962543011 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.966379881 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.966530085 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.994631052 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:00.999469995 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:00.999598980 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.024144888 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.042397022 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.042675018 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.068140030 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.090876102 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.091053009 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.115140915 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.138330936 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.138530016 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.167159081 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.186378002 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.186537027 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.238369942 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.238645077 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.264062881 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.290433884 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.290700912 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.317491055 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.338486910 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.338653088 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.370342016 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.375252008 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.375657082 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.404138088 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.409013033 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.409126997 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.444519043 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.449367046 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.487804890 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.490395069 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.490586042 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.518351078 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.523206949 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:01.524224997 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.548321009 CET	50022	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:01.560053110 CET	31952	50022	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.938261032 CET	50023	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.938462973 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.943207979 CET	31952	50023	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.943305969 CET	50023	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.943324089 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.944188118 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.946950912 CET	50023	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.947341919 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.952158928 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.952332020 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.957751036 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.957855940 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.962647915 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.962739944 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.967559099 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.967725992 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.972856998 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.972924948 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.977737904 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.977798939 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.982563972 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.983418941 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.988230944 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.988280058 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.993050098 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.993174076 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:03.997936964 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:03.998006105 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.002757072 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.002847910 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.007615089 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.008172035 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.013012886 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.013102055 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.017978907 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.018090963 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.022845030 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.024175882 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.029025078 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.029102087 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.033936024 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.034040928 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.038846970 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.038986921 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.043791056 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.043875933 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.048648119 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.048718929 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.053524971 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.056202888 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.061275005 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.061356068 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.066201925 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.066271067 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.071069002 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.071132898 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.075939894 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.076000929 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.080818892 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.080893040 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.085777044 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.085849047 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.090619087 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.090693951 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.095524073 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.095585108 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.100378036 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.100435019 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.105232954 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.105304956 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.110126019 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.110197067 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.115004063 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.115067959 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.119847059 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.119901896 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.124727964 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.124788046 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.129589081 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.130320072 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.135190964 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.135250092 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.140069962 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.140137911 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.144927979 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.144978046 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.149765015 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.149817944 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.154592991 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.154649973 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.159440041 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.159518957 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.164299011 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.164385080 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.169147015 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.169337988 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.174185038 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.174242020 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.179188013 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.179244041 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.184087038 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.184148073 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.188952923 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.189003944 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.193798065 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.194061041 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.198857069 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.198911905 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.203721046 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.203775883 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.208539009 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.208596945 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.213382006 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.213455915 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.218252897 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.218323946 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.223067045 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.224184036 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.229002953 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.229737997 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.234533072 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.236177921 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.241022110 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.242501020 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.247334957 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.247380972 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.252156973 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.253559113 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.258382082 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.258461952 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.263444901 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.263525963 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.268316031 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.268388987 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.273526907 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.287648916 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.292582989 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.292670012 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.297513008 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.297610044 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.302462101 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.302542925 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.307343006 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.307426929 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.312398911 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.314762115 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.319617987 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.319710016 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.324486971 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.324753046 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.329579115 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.331557035 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.336338043 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.338927984 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.343837976 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.348185062 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.353058100 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.353123903 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.375735044 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.375858068 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.422359943 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.422482014 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.448383093 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.453336000 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.453398943 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.453533888 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.458401918 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.458497047 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.463407040 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.463481903 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.468292952 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.468461990 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.473366976 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.473464966 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.495625973 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.500587940 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.500675917 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.522767067 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.542408943 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.542526960 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.590460062 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.590564966 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.619820118 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.638376951 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.638490915 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.676126003 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.681121111 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.681337118 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.712958097 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.717914104 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.718000889 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.746906042 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.751774073 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.751902103 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.787797928 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.792674065 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.792749882 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.825221062 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.830060959 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.830141068 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.865658045 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.870382071 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.870440960 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.914382935 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.914473057 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.950885057 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.955746889 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.955841064 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.991750002 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:04.996701002 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:04.996778011 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.033308029 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.038244963 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.038325071 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.066881895 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.071753025 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.071846008 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.097611904 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.102411985 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.104211092 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.125973940 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.146411896 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.147870064 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.169415951 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.191215038 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.194407940 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.194520950 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.216542959 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.238394022 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.238511086 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.273720980 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.278585911 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.280220985 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.307858944 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.312760115 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.314732075 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.336771965 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.354392052 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.356226921 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.377377033 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.398015022 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.402427912 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.404227972 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.425350904 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.446474075 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.450366974 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.452258110 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.472979069 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.494430065 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.494584084 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.516272068 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.538706064 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.542399883 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.542525053 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.565546036 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.586384058 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.587371111 CET	50024	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:05.587506056 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:05.594657898 CET	31952	50024	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:09.594419003 CET	50025	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:09.594605923 CET	50026	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:09.599798918 CET	31952	50025	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:09.599869967 CET	50025	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:09.599944115 CET	31952	50026	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:09.599986076 CET	50026	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:09.765049934 CET	50025	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.609194994 CET	50027	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.611480951 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.613965988 CET	31952	50027	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.614031076 CET	50027	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.616501093 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.618515968 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.619174004 CET	50027	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.619174957 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.623956919 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.624061108 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.628858089 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.630326986 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.635082006 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.635247946 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.640117884 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.640460968 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.645245075 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.645725965 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.650485992 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.650567055 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.655301094 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.655414104 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.660196066 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.660259962 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.665049076 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.665122032 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.669846058 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.670562983 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.675307989 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.675373077 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.680159092 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.680242062 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.684992075 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.685106993 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.689850092 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.689980030 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.694734097 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.694922924 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.699686050 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.699744940 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.704493999 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.704576969 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.710417032 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.710530996 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.717622995 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.717696905 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.722562075 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.722954035 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.727735996 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.727801085 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.732585907 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.734210968 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.739088058 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.739166975 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.743933916 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.744798899 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.749604940 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.749695063 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.754539967 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.754677057 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.759428024 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.759592056 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.764347076 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.767855883 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.772648096 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.776251078 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.781074047 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.795257092 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.800103903 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.800194025 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.804941893 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.805022001 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.809783936 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.809907913 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.814676046 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.814810991 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.819621086 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.819747925 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.824534893 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.824618101 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.830213070 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.830288887 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.836081028 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.836157084 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.841803074 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.841886997 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.847419977 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.847527981 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.853461027 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.853547096 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.859121084 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.859278917 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.864792109 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.868221998 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.873725891 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.873867989 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.878645897 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.878747940 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.883672953 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.883780003 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.890676975 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.890763044 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.896334887 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.896439075 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.902086020 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.902156115 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.907737970 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.907860994 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.913400888 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.913480997 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.919009924 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.919127941 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.924905062 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.925852060 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.930633068 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.930737972 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.936337948 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.939620018 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.945342064 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.945411921 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.950969934 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.951194048 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.956820011 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.958802938 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.984601021 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.990315914 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.990410089 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.990544081 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:13.996067047 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:13.996159077 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.001840115 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.001938105 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.024142027 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.029696941 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.029827118 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.056180000 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.061856985 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.062000990 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.084141016 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.105890989 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.107125044 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.107270002 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.128453016 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.152165890 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.156259060 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.156385899 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.183449984 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.188982010 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.189121962 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.216417074 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.221295118 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.221421003 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.244151115 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.266295910 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.266330957 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.266417027 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.291878939 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.314347029 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.314516068 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.342152119 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.362351894 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.362510920 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.387974977 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.410315990 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.411298037 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.435173035 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.458564997 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.458751917 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.490794897 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.500233889 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.500427961 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.524580956 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.529576063 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.529901981 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.563527107 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.568708897 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.571285963 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.603243113 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.608194113 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.608303070 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.650386095 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.650466919 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.700387955 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.700474977 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.750363111 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.750437975 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.802401066 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.802480936 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.850404978 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.850475073 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.898660898 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.898744106 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.946671009 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.946743965 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:14.994509935 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:14.994574070 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.046359062 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:15.046436071 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.073457956 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.094383955 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:15.094530106 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.122878075 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.142375946 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:15.142672062 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.169787884 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.192050934 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.194355011 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:15.194470882 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.238425970 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:15.238580942 CET	50028	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:15.260194063 CET	31952	50028	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.265777111 CET	50029	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.268002987 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.276318073 CET	31952	50029	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.276374102 CET	50029	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.278448105 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.278521061 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.279253960 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.288850069 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.288913965 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.295928001 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.295995951 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.301119089 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.301186085 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.306210995 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.306278944 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.311928988 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.312002897 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.317157984 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.317246914 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.322446108 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.322597027 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.327805996 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.327868938 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.332840919 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.332901001 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.337749958 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.337807894 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.342824936 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.342888117 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.347961903 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.348020077 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.353045940 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.353387117 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.359868050 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.372545004 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.377532959 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.377603054 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.382436037 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.382491112 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.387347937 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.387399912 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.392924070 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.392990112 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.398148060 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.398221016 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.403079987 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.403143883 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.408224106 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.408292055 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.413275957 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.413332939 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.418370962 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.418433905 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.423449039 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.423505068 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.428301096 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.428359032 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.433280945 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.433341026 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.438242912 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.438302040 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.443106890 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.443164110 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.447915077 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.447969913 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.452792883 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.452893019 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.457690001 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.457766056 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.462591887 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.462670088 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.467477083 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.467567921 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.472480059 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.472538948 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.477386951 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.477489948 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.482450008 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.482516050 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.487416983 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.487490892 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.492327929 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.492392063 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.497212887 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.497273922 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.502098083 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.502188921 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.507005930 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.507071018 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.511904001 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.511960030 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.516747952 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.516803980 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.521572113 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.521666050 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.526413918 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.526479959 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.536144018 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.536221981 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.541050911 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.541121960 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.545967102 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.546037912 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.550894022 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.550959110 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.555798054 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.555859089 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.560679913 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.560734987 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.565527916 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.565582991 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.570575953 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.570636034 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.575484037 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.575551033 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.580377102 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.580508947 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.585388899 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.585489035 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.590316057 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.590408087 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.595288038 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.595388889 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.600263119 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.600339890 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.605165958 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.605405092 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.610280037 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.610357046 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.615211964 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.615287066 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.621196985 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.621283054 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.626190901 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.632173061 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.637063026 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.644193888 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.664174080 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.669138908 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.669212103 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.671051979 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.675880909 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.680166960 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.684945107 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.692183018 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.697056055 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.700326920 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.724173069 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.729043007 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.736176014 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.756167889 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.761025906 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.768163919 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.788192987 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.793102980 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.800180912 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.820175886 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.825297117 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.832165003 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.856188059 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.861066103 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.868171930 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.888156891 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.893176079 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.896301985 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.924190998 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.929050922 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.936181068 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.960166931 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.965131998 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:19.968338013 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.992444992 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:19.997467995 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.000315905 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.038383961 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.038573980 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.064165115 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.085212946 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.090202093 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.090527058 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.116780996 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.121737003 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.121849060 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.148184061 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.153134108 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.153412104 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.182590961 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.188070059 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.188235998 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.216175079 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.221793890 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.222022057 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.248709917 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.253899097 CET	31952	50030	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:20.254159927 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:20.265085936 CET	50030	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:23.282608032 CET	50031	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:23.287466049 CET	31952	50031	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:23.287509918 CET	50031	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:24.281514883 CET	50032	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:24.281626940 CET	50033	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:24.286557913 CET	31952	50032	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:24.286573887 CET	31952	50033	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:24.286637068 CET	50033	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:24.286699057 CET	50032	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:24.402190924 CET	50032	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.324043036 CET	50034	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.329591036 CET	31952	50034	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.329699039 CET	50034	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.332703114 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.333712101 CET	50034	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.337522984 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.337598085 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.338474035 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.343246937 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.343290091 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.348088026 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.363671064 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.368457079 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.436568975 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.441504002 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.441551924 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.446369886 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.563180923 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.567929029 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.645802975 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.652020931 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.680788994 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.687800884 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.692956924 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.702357054 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.703092098 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.708025932 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.708137035 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.712955952 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.713044882 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.717909098 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.718051910 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.722946882 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.723006010 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.727787018 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.728188992 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.732963085 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.733010054 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.737823963 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.737886906 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.742666006 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.742734909 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.747492075 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.747793913 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.752599955 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.752655983 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.757761955 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.757816076 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.762672901 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.762856007 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.767676115 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.767815113 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.772633076 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.772686005 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.777538061 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.777606964 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.782429934 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.782485962 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.787276983 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.787390947 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.792217970 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.792274952 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.797096014 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.797175884 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.802000046 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.802045107 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.806824923 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.806896925 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.811667919 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.811731100 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.817029953 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.817085028 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.821907043 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.821976900 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.826795101 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.826854944 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.831657887 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.831721067 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.836570024 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.836643934 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.841547012 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.841613054 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.846362114 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.846447945 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.851330042 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.851399899 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.856324911 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.856437922 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.861221075 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.861309052 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.866190910 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.866247892 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.871180058 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.871383905 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.877973080 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.878035069 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.884416103 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.884493113 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.889254093 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.889323950 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.894202948 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.894535065 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.899558067 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.899646044 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.904439926 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.904495955 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.909370899 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.909454107 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.917768955 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.917850971 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.924324036 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.924418926 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.931050062 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.931111097 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.935950041 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.936012030 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.940833092 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.940920115 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.945887089 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.945971012 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.950793982 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.950869083 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.955761909 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.955821991 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.960736036 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.960824966 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.965769053 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.965830088 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.970660925 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.970721960 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.975554943 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.975713015 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.980576038 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.980639935 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.985861063 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.985944033 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.990773916 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.990865946 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:27.995685101 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:27.995762110 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.000576019 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.000711918 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.005532026 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.005580902 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.010415077 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.010502100 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.015337944 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.015393019 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.020121098 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.020205021 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.024981976 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.025046110 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.029885054 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.029994965 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.034790993 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.034841061 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.039644957 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.039736032 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.044509888 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.044581890 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.049361944 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.049416065 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.054222107 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.054286003 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.059144020 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.059217930 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.063980103 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.064064026 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.068864107 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.068922997 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.073724985 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.073807955 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.078632116 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.078727961 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.083548069 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.083650112 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.088514090 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.088633060 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.093754053 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.093867064 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.098680973 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.098757982 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.103544950 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.103621006 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.108454943 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.108520031 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.113312960 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.113396883 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.118220091 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.120201111 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.125001907 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.128232956 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.133101940 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.136214018 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.141207933 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.144212008 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.149118900 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.152612925 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.157640934 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.158164978 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.162996054 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.164238930 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.169008017 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.169089079 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.173913956 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.174001932 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.178808928 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.178874016 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.183819056 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.183892965 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.189033985 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.189085960 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.193896055 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.193968058 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.198774099 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.198882103 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.203720093 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.203831911 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.208630085 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.208708048 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.213551044 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.213773966 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.218575001 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.218630075 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.223424911 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.223479033 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.228322029 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.228450060 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.233259916 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.233443022 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.238250017 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.238316059 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.243160963 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.243247032 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.248162031 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.248233080 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.253056049 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.253115892 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.257924080 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.258004904 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.262847900 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.262918949 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.267744064 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.268235922 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.273106098 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.273179054 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.278042078 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.278189898 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.283114910 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.283189058 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.288124084 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.288237095 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.293149948 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.293304920 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.298151970 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.298209906 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.303072929 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.311269999 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.316243887 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.316313028 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.321173906 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.321249962 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.326123953 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.326179981 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.331033945 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.331151962 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.336044073 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.336100101 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.340903997 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.340984106 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.345844984 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.345896006 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.350769997 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.351047039 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.355839968 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.355902910 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.431606054 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.489255905 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.541285038 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.555011034 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.555080891 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.557075024 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.557164907 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.557426929 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.557595968 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.606347084 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.606446981 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.654305935 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.654534101 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.704210043 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.706368923 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.706506968 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.754393101 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.755199909 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.801515102 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.806344032 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.807435989 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.853260040 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.854330063 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.860395908 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.902328014 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.903469086 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.946607113 CET	50035	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:28.947679996 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.951499939 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:28.951652050 CET	31952	50035	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:32.953471899 CET	50036	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:32.955723047 CET	50037	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:32.958334923 CET	31952	50036	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:32.958395004 CET	50036	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:32.960488081 CET	31952	50037	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:32.960531950 CET	50037	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.969077110 CET	50039	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.969235897 CET	50040	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.969921112 CET	50041	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.971724987 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.974143028 CET	31952	50039	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.974159956 CET	31952	50040	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.974230051 CET	50039	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.974248886 CET	50040	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.974756956 CET	31952	50041	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.974879980 CET	50041	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.976552010 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.976655960 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.978719950 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.978980064 CET	50040	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.979043961 CET	50041	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.979082108 CET	50039	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.983536005 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.983691931 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.988550901 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.988689899 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.993496895 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.993587017 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:36.998461962 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:36.998550892 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.003420115 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.003616095 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.008492947 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.008583069 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.013488054 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.013566017 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.018378973 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.023945093 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.028935909 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.029117107 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.033907890 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.033971071 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.038691998 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.038829088 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.043576956 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.043642998 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.048463106 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.048585892 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.053436041 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.053529978 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.058279991 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.058413029 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.063194036 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.063261032 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.068105936 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.068480968 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.073246002 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.073368073 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.078198910 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.079334021 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.085067987 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.085166931 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.089937925 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.090008974 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.094789982 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.094950914 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.099740982 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.099849939 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.104726076 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.104834080 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.111573935 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.111690044 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.118266106 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.118402958 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.123298883 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.123424053 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.128268957 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.128395081 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.151846886 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.173682928 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.196100950 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.219244957 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.250370026 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.273396015 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.297167063 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.321156025 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.345911980 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.369549036 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.393965006 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.414186001 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414227009 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414256096 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414283991 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414316893 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414376974 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414406061 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414433002 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414442062 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.414463043 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414489985 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414518118 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414546013 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414572954 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414599895 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414633036 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414661884 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.414689064 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.438807964 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.443773031 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.444057941 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.472131014 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.477247000 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.477344990 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.503990889 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.508891106 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.509103060 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.539163113 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.544148922 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.544272900 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.571897984 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.576899052 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.578282118 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.605416059 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.610344887 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.610611916 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.630542994 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.653321981 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.658276081 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.658966064 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.680372953 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.701711893 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.702313900 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.703198910 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.724390984 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.744874954 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.749718904 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.750668049 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.771547079 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.793006897 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.794338942 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.794553041 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.817418098 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.842412949 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.842721939 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.866871119 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.894367933 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.894635916 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.935631990 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.942086935 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.944298029 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.967550039 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.973517895 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:37.973700047 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:37.998791933 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.006066084 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.006172895 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.028796911 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.047454119 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.048274994 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.086519003 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.092506886 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.092933893 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.139556885 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.139854908 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.165927887 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.186427116 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.186774969 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.209081888 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.236785889 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.238320112 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.238507986 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.263051987 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.282363892 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.282577038 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.314938068 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.319770098 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.319947004 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.347172976 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.352005959 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.352180958 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.380809069 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.385616064 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.385818005 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.414068937 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.419048071 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.419178009 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.444444895 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.462399960 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.462570906 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.488024950 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.510432959 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.510629892 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.539844036 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.558613062 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.558948994 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.583786011 CET	50042	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:38.608964920 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:38.608984947 CET	31952	50042	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:42.625376940 CET	50043	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.625776052 CET	50044	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.626089096 CET	50045	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.632168055 CET	50046	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.632621050 CET	31952	50043	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:42.632793903 CET	50043	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.633327961 CET	31952	50044	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:42.633454084 CET	50044	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.633661985 CET	31952	50045	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:42.633796930 CET	50045	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.639564991 CET	31952	50046	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:42.639899015 CET	50046	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.700155973 CET	50043	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:42.700277090 CET	50044	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.642294884 CET	50047	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.642546892 CET	50048	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.644133091 CET	50050	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.644133091 CET	50049	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.645291090 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.647197962 CET	31952	50047	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.647341013 CET	50047	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.647360086 CET	31952	50048	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.647463083 CET	50048	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.649024010 CET	31952	50050	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.649070024 CET	31952	50049	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.649163961 CET	50049	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.649163961 CET	50050	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.650111914 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.652312040 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.653038979 CET	50050	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.653115988 CET	50049	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.653208017 CET	50047	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.653337955 CET	50048	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.653338909 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.658186913 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.658303022 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.663139105 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.663235903 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.668025017 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.668108940 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.672888041 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.672964096 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.677736998 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.677815914 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.682615042 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.682698965 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.687521935 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.687617064 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.692397118 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.692455053 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.697248936 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.697302103 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.702111959 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.702162027 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.706968069 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.707021952 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.711829901 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.711875916 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.716583014 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.716633081 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.721394062 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.721434116 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.726160049 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.730381012 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.735188961 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.737730980 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.742594004 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.747493029 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.752271891 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.752321005 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.757128000 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.757181883 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.761997938 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.765688896 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.770524979 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.770589113 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.775382996 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.775451899 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.780245066 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.780298948 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.785095930 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.785151958 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.789944887 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.789992094 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.794773102 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.794827938 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.799635887 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.799686909 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.804487944 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.804553032 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.809396029 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.809443951 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.814219952 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.814273119 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.819118023 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.819185019 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.823951006 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.824003935 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.828762054 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.828826904 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.833583117 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.833631992 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.838395119 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.838442087 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.843199015 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.843252897 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.847996950 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.848047972 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.852880001 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.852935076 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.857722044 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.857799053 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.862627983 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.862674952 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.867487907 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.867532015 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.872339010 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.872380018 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.877167940 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.877228975 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.882081985 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.885313034 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.890115023 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.890165091 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.894967079 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.895011902 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.899821997 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.899873018 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.904712915 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.904759884 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.909627914 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.911385059 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.916151047 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.916202068 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.921776056 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.921885014 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.926665068 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.926711082 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.931540012 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.931595087 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.936413050 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.936460972 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.941328049 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.941370964 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.946173906 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.946219921 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.951148033 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.951201916 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.956089020 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.956172943 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.960985899 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.961051941 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.965996981 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.966046095 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.970869064 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.970963955 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.975752115 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.975810051 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.980607986 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.980653048 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.985482931 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.985539913 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.990361929 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.990422010 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:46.995389938 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:46.995443106 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.000868082 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.000917912 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.005698919 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.005752087 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.010531902 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.010579109 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.016418934 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.016469002 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.021354914 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.021709919 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.027945042 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.027993917 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.032793045 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.032857895 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.037765980 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.037815094 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.042640924 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.042701006 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.047635078 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.047694921 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.052486897 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.066322088 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.071234941 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.076543093 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.081368923 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.081424952 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.086235046 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.086296082 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.091200113 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.091260910 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.096115112 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.096164942 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.100943089 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.101000071 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.105767965 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.105818987 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.110624075 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.110671997 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.115451097 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.115494013 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.120280027 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.120333910 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.125117064 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.125155926 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.129925013 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.129971981 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.134720087 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.134763002 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.139614105 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.139663935 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.144470930 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.144522905 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.149317980 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.149364948 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.154160023 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.154203892 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.158963919 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.159010887 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.163794994 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.163840055 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.168592930 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.168632030 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.173408985 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.173455000 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.178234100 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.178275108 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.183039904 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.183082104 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.187865973 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.190968990 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.195745945 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.195794106 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.200577974 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.200628042 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.205396891 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.205461979 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.210248947 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.210333109 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.215197086 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.215277910 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.220072031 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.220127106 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.224903107 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.225877047 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.230675936 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.230756044 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.235506058 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.235569000 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.240336895 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.244163990 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.249078035 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.249222040 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.254055023 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.254131079 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.258984089 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.259067059 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.263964891 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.264034986 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.268878937 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.268963099 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.273789883 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.273844957 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.278702974 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.278759003 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.302668095 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.307465076 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.307590008 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.332978964 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.354399920 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.354636908 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.379224062 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.402374983 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.402579069 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.428410053 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.450345039 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.450460911 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.474792957 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.498357058 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.498541117 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.523983955 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.550365925 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.550525904 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.588306904 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.593194962 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.593375921 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.620716095 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.625557899 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.625636101 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.654911041 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.659739017 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.659966946 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.685609102 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.690388918 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.690480947 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.712204933 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.734328032 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.734364986 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.734734058 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.754223108 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.774925947 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.779716015 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.784369946 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.808195114 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.813143015 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.814379930 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.835356951 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.858335972 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.859606028 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.906394005 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.907367945 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.928478956 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.952228069 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.954324961 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.954643011 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.975202084 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.995444059 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:47.998353004 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:47.998584986 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.019221067 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.039071083 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.042432070 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.044358969 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.068188906 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.086354971 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.086374044 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.092619896 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.116300106 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.133936882 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.134397984 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.158540010 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.182373047 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.182507992 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.204850912 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.230420113 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.230724096 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.272768974 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.277662992 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.277837992 CET	50051	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:48.280637026 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:48.282636881 CET	31952	50051	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.297425032 CET	50052	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.297499895 CET	50053	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.299031019 CET	50055	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.299030066 CET	50054	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.299915075 CET	50056	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.302385092 CET	31952	50052	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.302411079 CET	31952	50053	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.302505016 CET	50052	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.302505016 CET	50053	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.303836107 CET	31952	50055	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.303853989 CET	31952	50054	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.303927898 CET	50055	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.303926945 CET	50054	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.304723024 CET	31952	50056	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.304790974 CET	50056	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.411287069 CET	50057	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.415529966 CET	50052	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.415537119 CET	50053	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.415597916 CET	50055	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.415641069 CET	50054	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:52.416260958 CET	31952	50057	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:52.416357994 CET	50057	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.801218987 CET	50060	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.803154945 CET	50061	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.804240942 CET	50062	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.806328058 CET	31952	50060	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.806474924 CET	50060	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.807569027 CET	50063	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.807938099 CET	50064	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.807971954 CET	31952	50061	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.808026075 CET	50061	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.809133053 CET	31952	50062	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.809215069 CET	50062	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.809871912 CET	50065	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.812376976 CET	31952	50063	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.812439919 CET	50063	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.812761068 CET	31952	50064	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.812990904 CET	50064	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.814685106 CET	31952	50065	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.814769030 CET	50065	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.819875002 CET	50062	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.820122957 CET	50061	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.820235968 CET	50060	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.838632107 CET	50063	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.838740110 CET	50064	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.840620995 CET	50066	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.841613054 CET	50067	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.845454931 CET	31952	50066	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.845530987 CET	50066	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.846425056 CET	31952	50067	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.846482992 CET	50067	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.847728968 CET	50066	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.848448038 CET	50068	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.850507975 CET	50069	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.853230953 CET	31952	50068	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.853296041 CET	50068	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.855307102 CET	31952	50069	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.855359077 CET	50069	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.865214109 CET	50070	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.867571115 CET	50069	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:56.870068073 CET	31952	50070	87.120.120.15	192.168.2.6
Jan 10, 2025 22:04:56.870141029 CET	50070	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:57.443140030 CET	50065	31952	192.168.2.6	87.120.120.15
Jan 10, 2025 22:04:57.443362951 CET	50068	31952	192.168.2.6	87.120.120.15

Target ID:	0
Start time:	16:01:05
Start date:	10/01/2025
Path:	C:\Users\user\Desktop\2XnMqJW0u1.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\2XnMqJW0u1.exe"
Imagebase:	0x8c0000
File size:	970'240 bytes
MD5 hash:	C184DC2506BAF6DB751EB377ED956D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:01:09
Start date:	10/01/2025
Path:	C:\Users\user\AppData\Local\lustring\Esher.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\2XnMqJW0u1.exe"
Imagebase:	0x720000
File size:	970'240 bytes
MD5 hash:	C184DC2506BAF6DB751EB377ED956D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: 00000002.00000002.2247241001.00000000010E0000.00000004.00001000.00020000.00000000.sdmp, Author: Sekoia.io
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:01:12
Start date:	10/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\2XnMqJW0u1.exe"
Imagebase:	0x460000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	16:01:22
Start date:	10/01/2025
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs"
Imagebase:	0x7ff689390000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	16:01:23
Start date:	10/01/2025
Path:	C:\Users\user\AppData\Local\lustring\Esher.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\lustring\Esher.exe"
Imagebase:	0x720000
File size:	970'240 bytes
MD5 hash:	C184DC2506BAF6DB751EB377ED956D80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: rat_win_xworm_v2, Description: Finds XWorm v2 samples based on characteristic strings, Source: 00000008.00000002.2399874304.0000000002030000.00000004.00001000.00020000.00000000.sdmp, Author: Sekoia.io
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	16:01:27
Start date:	10/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\lustring\Esher.exe"
Imagebase:	0x7ff66e660000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000009.00000002.2409044630.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:01:30
Start date:	10/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegSvcs.exe"
Imagebase:	0xc50000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	16:01:31
Start date:	10/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	16:04:52
Start date:	10/01/2025
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 1964
Imagebase:	0xb50000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	3.3%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	6.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	61

Executed Functions

Function 008C3B3A Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 008C3B68
IsDebuggerPresent.KERNEL32 ref: 008C3B7A
GetFullPathNameW.KERNEL32(00007FFF,?,?,009852F8,009852E0,?,?), ref: 008C3BEB

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

Part of subcall function 008D092D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,008C3C14,009852F8,?,?,?), ref: 008D096E

SetCurrentDirectoryW.KERNEL32(?), ref: 008C3C6F
MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00977770,00000010), ref: 008FD281
SetCurrentDirectoryW.KERNEL32(?,009852F8,?,?,?), ref: 008FD2B9
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00974260,009852F8,?,?,?), ref: 008FD33F
ShellExecuteW.SHELL32(00000000,?,?), ref: 008FD346

Part of subcall function 008C3A46: GetSysColorBrush.USER32(0000000F), ref: 008C3A50
Part of subcall function 008C3A46: LoadCursorW.USER32(00000000,00007F00), ref: 008C3A5F
Part of subcall function 008C3A46: LoadIconW.USER32(00000063), ref: 008C3A76
Part of subcall function 008C3A46: LoadIconW.USER32(000000A4), ref: 008C3A88
Part of subcall function 008C3A46: LoadIconW.USER32(000000A2), ref: 008C3A9A
Part of subcall function 008C3A46: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 008C3AC0
Part of subcall function 008C3A46: RegisterClassExW.USER32(?), ref: 008C3B16

Part of subcall function 008C39D5: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008C3A03
Part of subcall function 008C39D5: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008C3A24
Part of subcall function 008C39D5: ShowWindow.USER32(00000000,?,?), ref: 008C3A38
Part of subcall function 008C39D5: ShowWindow.USER32(00000000,?,?), ref: 008C3A41

Part of subcall function 008C434A: _memset.LIBCMT ref: 008C4370
Part of subcall function 008C434A: Shell_NotifyIconW.SHELL32(00000000,?), ref: 008C4415

Strings

This is a third-party compiled AutoIt script., xrefs: 008FD279
runas, xrefs: 008FD33A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
String ID: This is a third-party compiled AutoIt script.$runas
API String ID: 529118366-3287110873
Opcode ID: 38d488c31ca3c7537272741dd0859426df1b38b2446ea91fbf9d9d0b621e4a6e
Instruction ID: 6c3907f3e9e7f801bba31af9bba0e41c93afe7ae3cb7fc0ae474dbd421087a9a
Opcode Fuzzy Hash: 38d488c31ca3c7537272741dd0859426df1b38b2446ea91fbf9d9d0b621e4a6e
Instruction Fuzzy Hash: 2C51D431908209AACB11EBB8DC16FFD7B79FB45754F008069F521E6262DA70D64ADB22

Function 008C49A0 Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 008C49CD

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

GetCurrentProcess.KERNEL32(?,0094FAEC,00000000,00000000,?), ref: 008C4A9A
IsWow64Process.KERNEL32(00000000), ref: 008C4AA1
GetNativeSystemInfo.KERNELBASE(00000000), ref: 008C4AE7
FreeLibrary.KERNEL32(00000000), ref: 008C4AF2
GetSystemInfo.KERNEL32(00000000), ref: 008C4B23
GetSystemInfo.KERNEL32(00000000), ref: 008C4B2F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
String ID:
API String ID: 1986165174-0
Opcode ID: 3685fd750ab84fcbfc883be423591d0692158874053bf63940bdd4ee95f16039
Instruction ID: be53a261d06ae13aafe899fa6ad7f01466fd445a2d1d6c82034b3332e5ef4d2f
Opcode Fuzzy Hash: 3685fd750ab84fcbfc883be423591d0692158874053bf63940bdd4ee95f16039
Instruction Fuzzy Hash: 2091B13198D7C9DAC721DB788460AAABFF5FF2A300B48496DD1C6D7A01D230E948D759

Function 008C4E89 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008C4D8E,?,?,00000000,00000000), ref: 008C4E99
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008C4D8E,?,?,00000000,00000000), ref: 008C4EB0
LoadResource.KERNEL32(?,00000000,?,?,008C4D8E,?,?,00000000,00000000,?,?,?,?,?,?,008C4E2F), ref: 008FD937
SizeofResource.KERNEL32(?,00000000,?,?,008C4D8E,?,?,00000000,00000000,?,?,?,?,?,?,008C4E2F), ref: 008FD94C
LockResource.KERNEL32(008C4D8E,?,?,008C4D8E,?,?,00000000,00000000,?,?,?,?,?,?,008C4E2F,00000000), ref: 008FD95F

Strings

SCRIPT, xrefs: 008C4EA6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: acfd5bc7a1b0e6241d779f3296659d8f540eac273f136fc8c270ea495e6c5c89
Instruction ID: 8dadec03a004fb15f2d86e2127e6b55a2781d533094a2c3cdaa15c840294fda4
Opcode Fuzzy Hash: acfd5bc7a1b0e6241d779f3296659d8f540eac273f136fc8c270ea495e6c5c89
Instruction Fuzzy Hash: F0115A75240702BFD7218BA5EC58F677BBAFBC6B21F20426CF516C6250DBB1E8409A60

Function 008CFCE0 Relevance: 5.5, APIs: 3, Instructions: 1040COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharUpper
String ID:
API String ID: 3964851224-0
Opcode ID: 3879e991f30c5fa7239adb4be07d0e6253d4e7fc27a2ad6ac68fe049763652cb
Instruction ID: bae5f55c71ae3a6345b4979a93bdc43a38b2e59e68d9b7cf3965ea901ab32e5d
Opcode Fuzzy Hash: 3879e991f30c5fa7239adb4be07d0e6253d4e7fc27a2ad6ac68fe049763652cb
Instruction Fuzzy Hash: A79216706083419FD724DF18C480B2ABBE5FB85304F148A6EE99A9B392D775EC45CF92

Function 0092445A Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,008FE398), ref: 0092446A
FindFirstFileW.KERNELBASE(?,?), ref: 0092447B
FindClose.KERNEL32(00000000), ref: 0092448B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FileFind$AttributesCloseFirst
String ID:
API String ID: 48322524-0
Opcode ID: a121a1b8f60da461c23f59ad337928d478e2031b384e72f6ec14d2d7d96f0314
Instruction ID: 70adf3811301647b53d88225525f0df034c2c0fb5fc811c2c47a07f4516d5a41
Opcode Fuzzy Hash: a121a1b8f60da461c23f59ad337928d478e2031b384e72f6ec14d2d7d96f0314
Instruction Fuzzy Hash: C4E0D8374249116B46107B38FC0D8EA779C9E06379F100716F935C10E0E7B45900A5D6

Function 008CE6A0 Relevance: 2.4, Strings: 1, Instructions: 1102COMMON

Download Yara Rule

Strings

Variable must be of type 'Object'., xrefs: 00903E62

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID: Variable must be of type 'Object'.
API String ID: 0-109567571
Opcode ID: 347b4a9263d7c7203759e4b53c058857a3dc56b6b847046e230dd7c33dcf5ffb
Instruction ID: 15fa7879acdb7a53412519f45fc596b337529d2a2eb860b060bf28389f2a9fe3
Opcode Fuzzy Hash: 347b4a9263d7c7203759e4b53c058857a3dc56b6b847046e230dd7c33dcf5ffb
Instruction Fuzzy Hash: 2CA25575A00219CFCB24CF58C480FAAB7B6FB59314F24846DE916AB391D735ED82CB91

Function 008D09D0 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300windowsleeptimeCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008D0A5B
timeGetTime.WINMM ref: 008D0D16
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008D0E53
Sleep.KERNEL32(0000000A), ref: 008D0E61
LockWindowUpdate.USER32(00000000,?,?), ref: 008D0EFA
DestroyWindow.USER32 ref: 008D0F06
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 008D0F20
Sleep.KERNEL32(0000000A,?,?), ref: 00904E83
TranslateMessage.USER32(?), ref: 00905C60
DispatchMessageW.USER32(?), ref: 00905C6E
GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00905C82

Strings

@GUI_CTRLID, xrefs: 00904F3A
@GUI_WINHANDLE, xrefs: 00904F8F
@COM_EVENTOBJ, xrefs: 009054F0
@TRAY_ID, xrefs: 0090578F
@GUI_CTRLHANDLE, xrefs: 00904FE4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Message$PeekSleepWindow$DestroyDispatchLockTimeTranslateUpdatetime
String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
API String ID: 4212290369-3242690629
Opcode ID: 5df4e5fe9f25873e09fe225fbbf507307fa857ed94b475cac6f906c3e2bbabde
Instruction ID: 6b7c016deaa2fc1cae50d3a4a1cd63cc1f24a6b5926f04141576f364d23663ce
Opcode Fuzzy Hash: 5df4e5fe9f25873e09fe225fbbf507307fa857ed94b475cac6f906c3e2bbabde
Instruction Fuzzy Hash: 38B2BC70608741DFD724DB28C884BAAB7E5FF85304F154A1EE59AD72A1CB75E884CF82

Function 00929155 Relevance: 19.8, APIs: 13, Instructions: 322
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00928F5F: __time64.LIBCMT ref: 00928F69

Part of subcall function 008C4EE5: _fseek.LIBCMT ref: 008C4EFD

__wsplitpath.LIBCMT ref: 00929234

Part of subcall function 008E40FB: __wsplitpath_helper.LIBCMT ref: 008E413B

_wcscpy.LIBCMT ref: 00929247
_wcscat.LIBCMT ref: 0092925A
__wsplitpath.LIBCMT ref: 0092927F
_wcscat.LIBCMT ref: 00929295
_wcscat.LIBCMT ref: 009292A8

Part of subcall function 00928FA5: _memmove.LIBCMT ref: 00928FDE
Part of subcall function 00928FA5: _memmove.LIBCMT ref: 00928FED

_wcscmp.LIBCMT ref: 009291EF

Part of subcall function 00929734: _wcscmp.LIBCMT ref: 00929824
Part of subcall function 00929734: _wcscmp.LIBCMT ref: 00929837

DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00929452
_wcsncpy.LIBCMT ref: 009294C5
DeleteFileW.KERNEL32(?,?), ref: 009294FB
CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00929511
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00929522
DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00929534

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
String ID:
API String ID: 1500180987-0
Opcode ID: 071e5b249f9894630f1baa8b3ac816ec677fa69a57f6cf47ed63d0c29f7096db
Instruction ID: 906e02649745e9e45f5e897d65055c545e5193af6d00bfba29d31d0495b57fc8
Opcode Fuzzy Hash: 071e5b249f9894630f1baa8b3ac816ec677fa69a57f6cf47ed63d0c29f7096db
Instruction Fuzzy Hash: 6EC14EB1E00229AADF11DF95DC85EDEBBBDEF85310F0040AAF609E7155DB309A848F65

Function 008C301C Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 71
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 008C3074
RegisterClassExW.USER32(00000030), ref: 008C309E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008C30AF
InitCommonControlsEx.COMCTL32(?), ref: 008C30CC
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008C30DC
LoadIconW.USER32(000000A9), ref: 008C30F2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008C3101

Strings

+, xrefs: 008C305D
0, xrefs: 008C3056
AutoIt v3 GUI, xrefs: 008C3090
TaskbarCreated, xrefs: 008C30A4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: 7ffb954276b80ac760b0bdcd841925e3a32abeda15333f607d4e06e81f5472e7
Instruction ID: 81f5da0cc2e528302081505ea4f3cb98f59b2ea0022b339eea4244ef4b8ba21b
Opcode Fuzzy Hash: 7ffb954276b80ac760b0bdcd841925e3a32abeda15333f607d4e06e81f5472e7
Instruction Fuzzy Hash: 633125B5865209EFDB10CFA4E889ADABBF4FB09310F10412AE590E62A0D7B90548DF91

Function 008C3041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 008C3074
RegisterClassExW.USER32(00000030), ref: 008C309E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008C30AF
InitCommonControlsEx.COMCTL32(?), ref: 008C30CC
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008C30DC
LoadIconW.USER32(000000A9), ref: 008C30F2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008C3101

Strings

+, xrefs: 008C305D
0, xrefs: 008C3056
AutoIt v3 GUI, xrefs: 008C3090
TaskbarCreated, xrefs: 008C30A4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: b6947663df727b2a16b79f6e3fe9fe926ae0bb3c4838dca1d44242a7c3a2fb25
Instruction ID: 064096f1567a24018727077896cd0fa9c009cddb0c0dc447b333d4e1cdc8d862
Opcode Fuzzy Hash: b6947663df727b2a16b79f6e3fe9fe926ae0bb3c4838dca1d44242a7c3a2fb25
Instruction Fuzzy Hash: BC21E5B5965209AFDB00DFA4E888B9DBBF4FB09700F01412AF510E63A0D7B54548AF91

Function 008C708B Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008C4706: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,009852F8,?,008C37AE,?), ref: 008C4724

Part of subcall function 008E050B: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,008C7165), ref: 008E052D

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 008C71A8
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008FE8C8
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008FE909
RegCloseKey.ADVAPI32(?), ref: 008FE947
_wcscat.LIBCMT ref: 008FE9A0

Strings

\Include\, xrefs: 008C7165
Software\AutoIt v3\AutoIt, xrefs: 008C719E
Include, xrefs: 008FE8BF, 008FE900
\, xrefs: 008FE9C3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 2673923337-2727554177
Opcode ID: a1d858546de48a17f20f2172cb8df7d9a338a7da235e13b303fd42b6372990b2
Instruction ID: e29562012781e7f6d068ec08accbb74a350c2c96724ad2359bbb7afe6d6b5981
Opcode Fuzzy Hash: a1d858546de48a17f20f2172cb8df7d9a338a7da235e13b303fd42b6372990b2
Instruction Fuzzy Hash: D57169711183059AC310EF29E841E6BBBF8FF85350F40492EF595CA2A1DB71D948DB62

Function 008C3A46 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 008C3A50
LoadCursorW.USER32(00000000,00007F00), ref: 008C3A5F
LoadIconW.USER32(00000063), ref: 008C3A76
LoadIconW.USER32(000000A4), ref: 008C3A88
LoadIconW.USER32(000000A2), ref: 008C3A9A
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 008C3AC0
RegisterClassExW.USER32(?), ref: 008C3B16

Part of subcall function 008C3041: GetSysColorBrush.USER32(0000000F), ref: 008C3074
Part of subcall function 008C3041: RegisterClassExW.USER32(00000030), ref: 008C309E
Part of subcall function 008C3041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008C30AF
Part of subcall function 008C3041: InitCommonControlsEx.COMCTL32(?), ref: 008C30CC
Part of subcall function 008C3041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 008C30DC
Part of subcall function 008C3041: LoadIconW.USER32(000000A9), ref: 008C30F2
Part of subcall function 008C3041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 008C3101

Strings

#, xrefs: 008C3AFB
0, xrefs: 008C3AF4
AutoIt v3, xrefs: 008C3B05

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: 469692dc4d99e52a5a18ef7179c0547a6a251f776c0ed8b4bcd78a454bf7bb69
Instruction ID: e83c50a075ef5d7721ab0875bbabef65f7dfb66578730853efde620063ce87e7
Opcode Fuzzy Hash: 469692dc4d99e52a5a18ef7179c0547a6a251f776c0ed8b4bcd78a454bf7bb69
Instruction Fuzzy Hash: 21214D75D28709AFEB10DFA4EC09B9D7BB0FB08711F014119E510A63B1DBB55A58AF84

Function 008C3633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 008C36D2
KillTimer.USER32(?,00000001), ref: 008C36FC
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008C371F
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 008C372A
CreatePopupMenu.USER32 ref: 008C373E
PostQuitMessage.USER32(00000000), ref: 008C374D

Strings

TaskbarCreated, xrefs: 008C3725

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: df8b0a269c9a32302d8b9f253efe68ee574f29f4e4368d9a8f0fc39cf0605686
Instruction ID: 812b1f83eb35fe8f7c79e81d1386f05802edda47837c6108cefb87cbf51c190f
Opcode Fuzzy Hash: df8b0a269c9a32302d8b9f253efe68ee574f29f4e4368d9a8f0fc39cf0605686
Instruction Fuzzy Hash: 374114B2218609BBDB256F78EC09F7937B5FB10304F10412DF602D63A1DA74DA46A7A2

Function 008C3766 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 267
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

/AutoIt3ExecuteLine, xrefs: 008C38A7
/AutoIt3ExecuteScript, xrefs: 008C38BC
>>>AUTOIT NO CMDEXECUTE<<<, xrefs: 008C37AE
/AutoIt3OutputDebug, xrefs: 008C3892
CMDLINE, xrefs: 008C3822
/ErrorStdOut, xrefs: 008C387D
CMDLINERAW, xrefs: 008C37FB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW
API String ID: 1825951767-3513169116
Opcode ID: cce2603f47e853b9e1915326d614a1fb93faaef2700364f7f0bfee48757d15d7
Instruction ID: 495cfed74e6841a295dd54c9d7898acb60bb712417d7d6872fb84f703df28f15
Opcode Fuzzy Hash: cce2603f47e853b9e1915326d614a1fb93faaef2700364f7f0bfee48757d15d7
Instruction Fuzzy Hash: 10A16C7291022D9ACB14EBA8DC55FEEB778FF15300F00442DE416E7191EF709A09CB62

Function 013E45E0 Relevance: 10.7, APIs: 7, Instructions: 151
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 013E4625

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
Instruction ID: fe5d640ab602167d636ac4b9aa5a70013d4d110386c8535d8b86bc1111707c7a
Opcode Fuzzy Hash: eb584f4a57c68eb24893e8662cdde2a6850f072ba7aa360e4ef334368506de38
Instruction Fuzzy Hash: D3511675A50348FBEB20DFA4CC49FDE77B8AF4C704F108514F61AEA2C0DA7496448B60

Function 008C39D5 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 008C3A03
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 008C3A24
ShowWindow.USER32(00000000,?,?), ref: 008C3A38
ShowWindow.USER32(00000000,?,?), ref: 008C3A41

Strings

edit, xrefs: 008C3A1E
AutoIt v3, xrefs: 008C39FB, 008C3A00, 008C3A01

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: a5b650f4aa7b0365c7b11e6ff0821fa356392f78a6e91b9cd1bc73989209b840
Instruction ID: 96a2f78757f4b92a0557e77a5b88f575a1eebe5dcb94f0408dbd1cdb226fc5f2
Opcode Fuzzy Hash: a5b650f4aa7b0365c7b11e6ff0821fa356392f78a6e91b9cd1bc73989209b840
Instruction Fuzzy Hash: 42F05E705656907EEA3167236C1CE3B3E7DD7C7F50F02002EB910A2270CA750804EBB0

Function 008C407C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008FD3D7

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

_memset.LIBCMT ref: 008C40FC
_wcscpy.LIBCMT ref: 008C4150
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008C4160

Strings

Line: , xrefs: 008FD400

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
String ID: Line:
API String ID: 3942752672-1585850449
Opcode ID: c15561c291d024fd9d8ff9c83602bde27e69f8c0d12f5b5d81e6d488dc7b1c26
Instruction ID: 381c67fcc2889c0905ccf4c1d1883fb24b758b5a66529dca6cefe8bb913a7984
Opcode Fuzzy Hash: c15561c291d024fd9d8ff9c83602bde27e69f8c0d12f5b5d81e6d488dc7b1c26
Instruction Fuzzy Hash: 7831AC71008709AAD361EB68DC46FEB77E8FB44314F10451EB695D21A1EF70E688CB83

Function 008E541D Relevance: 7.7, APIs: 5, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 008E547B
_memcpy_s.LIBCMT ref: 008E54ED
__read_nolock.LIBCMT ref: 008E554B
__filbuf.LIBCMT ref: 008E556E
_memset.LIBCMT ref: 008E55B2

Part of subcall function 008E8B28: __getptd_noexit.LIBCMT ref: 008E8B28

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
String ID:
API String ID: 1559183368-0
Opcode ID: dfdd2df0ab245b9716d30a375d324e0946404ce6e082d96a71c3349c3dbc91e5
Instruction ID: 7c7d68807bb56bc810b881bf9b2743d6566589af342ce8f16627170cc506c666
Opcode Fuzzy Hash: dfdd2df0ab245b9716d30a375d324e0946404ce6e082d96a71c3349c3dbc91e5
Instruction Fuzzy Hash: 87519470A00B89DBDB248E6AD84056E77A6FF4232DF248729F835D62D1D770DD508B45

Function 008C686A Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 260
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008C4DDD: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,009852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 008C4E0F

_free.LIBCMT ref: 008FE263
_free.LIBCMT ref: 008FE2AA

Part of subcall function 008C6A8C: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 008C6BAD

Strings

>>>AUTOIT SCRIPT<<<, xrefs: 008FE039
Bad directive syntax error, xrefs: 008FE292

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _free$CurrentDirectoryLibraryLoad
String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
API String ID: 2861923089-1757145024
Opcode ID: 2cc4201d27fd4762a82c557f02249a91e34f160d46e97540b1511348a805822a
Instruction ID: f1572b9cc229f2f555b5594fe4e3be9f77d358178018fabbc04da5827284ea98
Opcode Fuzzy Hash: 2cc4201d27fd4762a82c557f02249a91e34f160d46e97540b1511348a805822a
Instruction Fuzzy Hash: 3E915E7190021DAFCF04EFA8DC91AEDB7B8FF45314B10442AF916EB2A1EB70A955CB51

Function 013E6070 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 142fileCOMMON

Download Yara Rule

APIs

Part of subcall function 013E5F60: Sleep.KERNELBASE(000001F4), ref: 013E5F71

CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 013E616E

Strings

H1NZ0MUFTEXGSO, xrefs: 013E61EE, 013E61F1

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateFileSleep
String ID: H1NZ0MUFTEXGSO
API String ID: 2694422964-1280437547
Opcode ID: 2c407be3633c0551151e4f14ddba50ab304419d3189458e7be86c0a5a73f383f
Instruction ID: ed0d4c4843b7fe54f79ae5bd24fb3a1e99a621255f847f5631a0999ae46bcc27
Opcode Fuzzy Hash: 2c407be3633c0551151e4f14ddba50ab304419d3189458e7be86c0a5a73f383f
Instruction Fuzzy Hash: 7C519071D0425DDBEF11DBA4C819BEFBBB8AF14304F004198E608BB2C0DB795A49CBA5

Function 008C35B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,008C35A1,SwapMouseButtons,00000004,?), ref: 008C35D4
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,008C35A1,SwapMouseButtons,00000004,?,?,?,?,008C2754), ref: 008C35F5
RegCloseKey.KERNELBASE(00000000,?,?,008C35A1,SwapMouseButtons,00000004,?,?,?,?,008C2754), ref: 008C3617

Strings

Control Panel\Mouse, xrefs: 008C35D2

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: cfc0f997f4075ae519c686bdd3df8bd78157e4551f2a44bad1300e09d87a348a
Instruction ID: cc9cf4d5bed5ad9623a06a8c6f662e89926a96bea3868cc66d3c214861430719
Opcode Fuzzy Hash: cfc0f997f4075ae519c686bdd3df8bd78157e4551f2a44bad1300e09d87a348a
Instruction Fuzzy Hash: DD114575614208BFDB218FA4DC80EAEBBB8FF55740F018469E805E7210E272DE41ABA0

Function 0092955B Relevance: 6.2, APIs: 4, Instructions: 155COMMON

Download Yara Rule

APIs

Part of subcall function 008C4EE5: _fseek.LIBCMT ref: 008C4EFD

Part of subcall function 00929734: _wcscmp.LIBCMT ref: 00929824
Part of subcall function 00929734: _wcscmp.LIBCMT ref: 00929837

_free.LIBCMT ref: 009296A2
_free.LIBCMT ref: 009296A9
_free.LIBCMT ref: 00929714

Part of subcall function 008E2D55: RtlFreeHeap.NTDLL(00000000,00000000,?,008E9A24), ref: 008E2D69
Part of subcall function 008E2D55: GetLastError.KERNEL32(00000000,?,008E9A24), ref: 008E2D7B

_free.LIBCMT ref: 0092971C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
String ID:
API String ID: 1552873950-0
Opcode ID: 83a1bf45cb5b46f0fbbb2b282febcfcf75e63ad05b5baa694a85d9b23f0f737c
Instruction ID: ca17734ed759dcdde80ae707d9516abd87bcab9e5cab3429cf9d9b6c0784d5f9
Opcode Fuzzy Hash: 83a1bf45cb5b46f0fbbb2b282febcfcf75e63ad05b5baa694a85d9b23f0f737c
Instruction Fuzzy Hash: 4B514EB1D14268ABDF249F69DC81A9EBBB9FF48300F10049EF609A3241DB715A90CF59

Function 008E470A Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 008E47A0
__flush.LIBCMT ref: 008E47C0
__write.LIBCMT ref: 008E47F3
__flsbuf.LIBCMT ref: 008E4821

Part of subcall function 008E8B28: __getptd_noexit.LIBCMT ref: 008E8B28

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
Instruction ID: 711a93962c10390202bd131e6c218895d18f6d1a0d0fabfb46ebad1e02ea8426
Opcode Fuzzy Hash: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
Instruction Fuzzy Hash: EE418375A0079A9BDB188EABCC809AE77A6FF87364F24957DE81DC7640D770DD408B80

Function 008C44A0 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 008C44CF

Part of subcall function 008C407C: _memset.LIBCMT ref: 008C40FC
Part of subcall function 008C407C: _wcscpy.LIBCMT ref: 008C4150
Part of subcall function 008C407C: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008C4160

KillTimer.USER32(?,00000001,?,?), ref: 008C4524
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008C4533
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008FD4B9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
String ID:
API String ID: 1378193009-0
Opcode ID: 409ceb3d507143a30ba7439e1aaa5086db39d88cb9f57d01069ae7792c18df48
Instruction ID: e2ccc36f2d9d18b7615fe5e466758a3b83bbc2a9c3224e0f7f35a782fdd0002b
Opcode Fuzzy Hash: 409ceb3d507143a30ba7439e1aaa5086db39d88cb9f57d01069ae7792c18df48
Instruction Fuzzy Hash: BD21F5749087889FE7328B348865FF6BBECFB12308F04109DE79AD6241C7746984DB55

Function 008C7285 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 008FEA39
GetOpenFileNameW.COMDLG32(?), ref: 008FEA83

Part of subcall function 008C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008C4743,?,?,008C37AE,?), ref: 008C4770

Part of subcall function 008E0791: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008E07B0

Strings

X, xrefs: 008FEA51

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen_memset
String ID: X
API String ID: 3777226403-3081909835
Opcode ID: e35964a23c57a457a480528e9349698a422b9ce62571b9ad01d98b27e45f2034
Instruction ID: 5f6cb78fd26ac46fc6e1c87fed53f7c57577b906267523d1adb6ced1538e2793
Opcode Fuzzy Hash: e35964a23c57a457a480528e9349698a422b9ce62571b9ad01d98b27e45f2034
Instruction Fuzzy Hash: 99219F71A1425C9BCB119B98C845BEE7BF8FF49314F008019E508EB241DBB499898FA2

Function 00928D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00928DAC
__fread_nolock.LIBCMT ref: 00928DC1

Strings

EA06, xrefs: 00928DF3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __fread_nolock_memmove
String ID: EA06
API String ID: 1988441806-3962188686
Opcode ID: 7f15bf8b58056a9b84ffdb5c9d8cf02db063beed0e95740305dc9867b227820a
Instruction ID: 5b7a49c44ab7c21f182eb51288593665d0afc5c152318e70c00ee51c63c0b75d
Opcode Fuzzy Hash: 7f15bf8b58056a9b84ffdb5c9d8cf02db063beed0e95740305dc9867b227820a
Instruction Fuzzy Hash: C201F9729042587EDB18CAA9C816EFE7BFCDB11311F00459AF552D61C1E874A6088B60

Function 013E4CC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000), ref: 013E4D05
ExitProcess.KERNEL32(00000000), ref: 013E4D24

Strings

D, xrefs: 013E4CD1

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$CreateExit
String ID: D
API String ID: 126409537-2746444292
Opcode ID: 107eb1cf29a6b6651620623ade647468eaff304108e4c4019dc24045849d9433
Instruction ID: 8c85b18355b9398cf2abaa7dd7f1dff8de1c13149aa2cc2bbbad0a625a31f54d
Opcode Fuzzy Hash: 107eb1cf29a6b6651620623ade647468eaff304108e4c4019dc24045849d9433
Instruction Fuzzy Hash: 5DF0FFB154425CABDB60DFE4CD49FEE77BCBF08705F008508FB0ADA180DA7496088B61

Function 009298E3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 009298F8
GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 0092990F

Strings

aut, xrefs: 00929909

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: 767e9fe891648119f206e90acbe06a96098d1820a64c2505ecfc88cd23492bdb
Instruction ID: bca97c704a8bbff17d798772ae7f57f6e7de4a9e6d320f3ad230c1534ea03368
Opcode Fuzzy Hash: 767e9fe891648119f206e90acbe06a96098d1820a64c2505ecfc88cd23492bdb
Instruction Fuzzy Hash: B3D05E7A58430EABDB60DBA0DC0EFDA773CE744704F0042B1BA64910A1EAB095989B91

Function 0093CADD Relevance: 4.9, APIs: 3, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c82d759a9c857774c40aa62a2cb0eac387ad101f74d9b09e425d6b25faac9c01
Instruction ID: 8a7b2297bff8753f0d4147e9faa550e8f057227ceada2da8e88c51e31a47ba82
Opcode Fuzzy Hash: c82d759a9c857774c40aa62a2cb0eac387ad101f74d9b09e425d6b25faac9c01
Instruction Fuzzy Hash: 4DF138B56087019FCB14DF28C484A6ABBE5FF89314F14896EF8A99B351D730E945CF82

Function 008CF76F Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON

Download Yara Rule

APIs

Part of subcall function 008E0162: MapVirtualKeyW.USER32(0000005B,00000000), ref: 008E0193
Part of subcall function 008E0162: MapVirtualKeyW.USER32(00000010,00000000), ref: 008E019B
Part of subcall function 008E0162: MapVirtualKeyW.USER32(000000A0,00000000), ref: 008E01A6
Part of subcall function 008E0162: MapVirtualKeyW.USER32(000000A1,00000000), ref: 008E01B1
Part of subcall function 008E0162: MapVirtualKeyW.USER32(00000011,00000000), ref: 008E01B9
Part of subcall function 008E0162: MapVirtualKeyW.USER32(00000012,00000000), ref: 008E01C1

Part of subcall function 008D60F9: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,008CF930), ref: 008D6154

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 008CF9CD
OleInitialize.OLE32(00000000), ref: 008CFA4A
CloseHandle.KERNEL32(00000000), ref: 009045C8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
String ID:
API String ID: 1986988660-0
Opcode ID: 9156d2bbf2673904ca59c53badf808ac208849523c8d56d22bc60e0fb09a4a6c
Instruction ID: b31459098614527f7887f1808827173f33eacc23dac237f539f8ff1c0a0cec16
Opcode Fuzzy Hash: 9156d2bbf2673904ca59c53badf808ac208849523c8d56d22bc60e0fb09a4a6c
Instruction Fuzzy Hash: 06819CB4929B40CFC394EF79A844A197BE5FB58306752812EE019CB372EB70448CAF11

Function 008C434A Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 008C4370
Shell_NotifyIconW.SHELL32(00000000,?), ref: 008C4415
Shell_NotifyIconW.SHELL32(00000001,?), ref: 008C4432

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: IconNotifyShell_$_memset
String ID:
API String ID: 1505330794-0
Opcode ID: f71cc86ab6bf6040a914ba58978301f611c8d571cb8d37d940c9c626ffdb2826
Instruction ID: 0c1205a7b9cf5d953a3c002965be78222743dab4985238298d223ac31349474f
Opcode Fuzzy Hash: f71cc86ab6bf6040a914ba58978301f611c8d571cb8d37d940c9c626ffdb2826
Instruction Fuzzy Hash: 323161705197019FD721DF34D894B9BBBF8FB59309F00092EE69AC2351D771A988CB52

Function 008E571C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 008E5733

Part of subcall function 008EA16B: __NMSG_WRITE.LIBCMT ref: 008EA192
Part of subcall function 008EA16B: __NMSG_WRITE.LIBCMT ref: 008EA19C

__NMSG_WRITE.LIBCMT ref: 008E573A

Part of subcall function 008EA1C8: GetModuleFileNameW.KERNEL32(00000000,009833BA,00000104,?,00000001,00000000), ref: 008EA25A
Part of subcall function 008EA1C8: ___crtMessageBoxW.LIBCMT ref: 008EA308

Part of subcall function 008E309F: ___crtCorExitProcess.LIBCMT ref: 008E30A5
Part of subcall function 008E309F: ExitProcess.KERNEL32 ref: 008E30AE

Part of subcall function 008E8B28: __getptd_noexit.LIBCMT ref: 008E8B28

RtlAllocateHeap.NTDLL(01170000,00000000,00000001,00000000,?,?,?,008E0DD3,?), ref: 008E575F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
String ID:
API String ID: 1372826849-0
Opcode ID: 162eaee51fba8bc12d9dc77cdd58fdb364cc7fa2fb92c4fee7d87d94fbf1555b
Instruction ID: e2dd075fed039ab89905f357eb46ccd55eb9d083d22088e007cbea35068b66e4
Opcode Fuzzy Hash: 162eaee51fba8bc12d9dc77cdd58fdb364cc7fa2fb92c4fee7d87d94fbf1555b
Instruction Fuzzy Hash: FF01F135204B92EAD614277FEC92A2E7788FF83B69F510425F419EB282DE70DC005762

Function 009298A2 Relevance: 4.5, APIs: 3, Instructions: 24filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00929548,?,?,?,?,?,00000004), ref: 009298BB
SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00929548,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 009298D1
CloseHandle.KERNEL32(00000000,?,00929548,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 009298D8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: File$CloseCreateHandleTime
String ID:
API String ID: 3397143404-0
Opcode ID: 0f5b34ff0b2dd156573da0cd545ced07901f1aa29ed539684c3807bf514f1999
Instruction ID: cfa66c071f14a28b988d19cc1abeacf82fea022da2d4edf353c2a77e07252085
Opcode Fuzzy Hash: 0f5b34ff0b2dd156573da0cd545ced07901f1aa29ed539684c3807bf514f1999
Instruction Fuzzy Hash: 8BE08636154225BBD7212F64EC09FCA7B59AB0BB60F144120FB14690E087B12511A798

Function 00928D0D Relevance: 4.5, APIs: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00928D1B

Part of subcall function 008E2D55: RtlFreeHeap.NTDLL(00000000,00000000,?,008E9A24), ref: 008E2D69
Part of subcall function 008E2D55: GetLastError.KERNEL32(00000000,?,008E9A24), ref: 008E2D7B

_free.LIBCMT ref: 00928D2C
_free.LIBCMT ref: 00928D3E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 625e2a9df38ff8793e00647abbe9ccf0d6414545c555b0c4696158d27d9f7751
Instruction ID: 6c8bb1ac8a37d9422b91dcf60abc7b40d0581d448899eee4a5c5e165ca4c10ef
Opcode Fuzzy Hash: 625e2a9df38ff8793e00647abbe9ccf0d6414545c555b0c4696158d27d9f7751
Instruction Fuzzy Hash: 92E012A174365586CB24A57DBD40B9313DC9F59352714091DB50DD71CACE64F8468524

Function 008CA9C3 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

CALL, xrefs: 008FFC01

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID: CALL
API String ID: 0-4196123274
Opcode ID: dca248a56b2b3aff2b9b5df2f6644636454929b5c11197eeeea91f53e491d2d3
Instruction ID: 70949313f0ee6feeecac0fbde75552b8befaa8102807282cf5be56a88320cc9d
Opcode Fuzzy Hash: dca248a56b2b3aff2b9b5df2f6644636454929b5c11197eeeea91f53e491d2d3
Instruction Fuzzy Hash: C2222570508249DFC728DF24C495F6ABBF1FF85318F14896DE98A9B262D731E845CB82

Function 008C4C70 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 008C4CBA

Strings

EA06, xrefs: 008FD8CC

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove
String ID: EA06
API String ID: 4104443479-3962188686
Opcode ID: 17f9a0c0d5a08497188957c7a3d23856b0ccc3a88993cee8649515473c6ef93f
Instruction ID: 502f041088e34bd8d981c09f19dda0353f9b989431bb7f3d61c4423578b6ebb1
Opcode Fuzzy Hash: 17f9a0c0d5a08497188957c7a3d23856b0ccc3a88993cee8649515473c6ef93f
Instruction Fuzzy Hash: 5E412A21A0415C57DF216B689871FBE7BB2FB45314F28646DEE83DA282D634DDC483A2

Function 008C47D0 Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 008C4834

Part of subcall function 008E336C: __lock.LIBCMT ref: 008E3372
Part of subcall function 008E336C: DecodePointer.KERNEL32(00000001,?,008C4849,00917C74), ref: 008E337E
Part of subcall function 008E336C: EncodePointer.KERNEL32(?,?,008C4849,00917C74), ref: 008E3389

Part of subcall function 008C48FD: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 008C4915
Part of subcall function 008C48FD: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 008C492A

Part of subcall function 008C3B3A: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 008C3B68
Part of subcall function 008C3B3A: IsDebuggerPresent.KERNEL32 ref: 008C3B7A
Part of subcall function 008C3B3A: GetFullPathNameW.KERNEL32(00007FFF,?,?,009852F8,009852E0,?,?), ref: 008C3BEB
Part of subcall function 008C3B3A: SetCurrentDirectoryW.KERNEL32(?), ref: 008C3C6F

SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 008C4874

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
String ID:
API String ID: 1438897964-0
Opcode ID: ee0d056a8433242bdd5d5bb28bde37b3d9ebc1b655a4bcb61263e5cd0866956a
Instruction ID: 39a51b5106d6a2796276f791e6ddc2990aa30a31949a2881b85fabc5add1affe
Opcode Fuzzy Hash: ee0d056a8433242bdd5d5bb28bde37b3d9ebc1b655a4bcb61263e5cd0866956a
Instruction Fuzzy Hash: F21158719183459BC700DF29E809A0ABBE8FB95750F10452EF091973B1DB709A49DB92

Function 008E0DB6 Relevance: 3.0, APIs: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008E571C: __FF_MSGBANNER.LIBCMT ref: 008E5733
Part of subcall function 008E571C: __NMSG_WRITE.LIBCMT ref: 008E573A
Part of subcall function 008E571C: RtlAllocateHeap.NTDLL(01170000,00000000,00000001,00000000,?,?,?,008E0DD3,?), ref: 008E575F

std::exception::exception.LIBCMT ref: 008E0DEC
__CxxThrowException@8.LIBCMT ref: 008E0E01

Part of subcall function 008E859B: RaiseException.KERNEL32(?,?,?,00979E78,00000000,?,?,?,?,008E0E06,?,00979E78,?,00000001), ref: 008E85F0

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
String ID:
API String ID: 3902256705-0
Opcode ID: b46238e3630274d1d26fb32a9929b280cfb2d76619b2fa3b46536675287d8d1d
Instruction ID: 619a4048c0f68ed3d8bb6df21352f0723dfa1e369910d1d58bb736f1f07f65e9
Opcode Fuzzy Hash: b46238e3630274d1d26fb32a9929b280cfb2d76619b2fa3b46536675287d8d1d
Instruction Fuzzy Hash: A7F0D13150435EA6CB20EB9AEC059DE77ACFF03315F100925FD08E6281DFB09A848A92

Function 008E55FD Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 008E562C
__lock_file.LIBCMT ref: 008E564D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __lock_file_memset
String ID:
API String ID: 26237723-0
Opcode ID: 897c14ac72aca8f399ef108c214db29b19a81d21d38146de968b1b9422f4ee84
Instruction ID: c210ac9499120daba25d61ffb2ffeda8ae25fb5038100f838afe0a4214ae1556
Opcode Fuzzy Hash: 897c14ac72aca8f399ef108c214db29b19a81d21d38146de968b1b9422f4ee84
Instruction Fuzzy Hash: A5018871C00688EBCF11AF6EDC0649E7B61FFA3365F544115B418D61A1DB318951DF52

Function 008E53A6 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 008E8B28: __getptd_noexit.LIBCMT ref: 008E8B28

__lock_file.LIBCMT ref: 008E53EB

Part of subcall function 008E6C11: __lock.LIBCMT ref: 008E6C34

__fclose_nolock.LIBCMT ref: 008E53F6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: 334833575934e8353a8fc166e783c8d97df76a5e9c8da38ba08ad66144ce083b
Instruction ID: f51d9e779fd705e665a23ff2432e53842ce978b7ecd50c7ad177726e3faada4f
Opcode Fuzzy Hash: 334833575934e8353a8fc166e783c8d97df76a5e9c8da38ba08ad66144ce083b
Instruction Fuzzy Hash: A3F09671900A84DAD7107B6B98057AD7BA0FF4337DF208109A428EB2C1CFBC49415B53

Function 013E4D30 Relevance: 1.7, APIs: 1, Instructions: 157COMMON

Download Yara Rule

APIs

Part of subcall function 013E45A0: GetFileAttributesW.KERNELBASE(?), ref: 013E45AB

CreateDirectoryW.KERNELBASE(?,00000000), ref: 013E4E5F

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: AttributesCreateDirectoryFile
String ID:
API String ID: 3401506121-0
Opcode ID: a76c4a8ecd04250fb73fa75b22c06d965689f221495fff0bdab0eb0c2e5d9daa
Instruction ID: 61674ab33cce87bc26a2a46ebd517c4fd93ba172494b9515263ef49136f7db23
Opcode Fuzzy Hash: a76c4a8ecd04250fb73fa75b22c06d965689f221495fff0bdab0eb0c2e5d9daa
Instruction Fuzzy Hash: 9251B731A1021D96EF14EFB4D948BEF7379EF58700F0045A9A609E71C0EB79AB09CB55

Function 008E0C08 Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 008E0CB7

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: 26772ac2aea0f3f4a21d86b305f4d56f170a1b1d02040a54fb4d6332494b3ac2
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: 3431D270A001499BC718DF5AC484A69F7A6FB5A300B748BA5E80ACB355D7B1EEC1DFC1

Function 008FFCAC Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 008FFCB7

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: dda82e11ecab57350e020622e0f71d9e0e6d1247ba562a6f7931b8a50269b95c
Instruction ID: 39a64dd3df410e8f420f6ef1cebc293cb90ab8a8a703a8f1cc6f8e44811e7a67
Opcode Fuzzy Hash: dda82e11ecab57350e020622e0f71d9e0e6d1247ba562a6f7931b8a50269b95c
Instruction Fuzzy Hash: A041E3745043458FDB24DF28C448F1ABBE0FF45318F0988ACE99A8B762C772E845CB52

Function 008C784B Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 008C7899

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: debd4a192cd98d234165f3013593147144481ea24bfc443804d127757904428b
Instruction ID: c2fd416d79958b645883049b5d2d4a654806d3a8f1b2d688853e2b1982d08eff
Opcode Fuzzy Hash: debd4a192cd98d234165f3013593147144481ea24bfc443804d127757904428b
Instruction Fuzzy Hash: 8211C031208209ABD714DF2CD885E6AB7B9FF45324724812EEA09CB290DB32EC01CB95

Function 008C4DDD Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 008C4BB5: FreeLibrary.KERNEL32(00000000,?), ref: 008C4BEF

Part of subcall function 008E525B: __wfsopen.LIBCMT ref: 008E5266

LoadLibraryExW.KERNEL32(?,00000000,00000002,?,009852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 008C4E0F

Part of subcall function 008C4B6A: FreeLibrary.KERNEL32(00000000), ref: 008C4BA4

Part of subcall function 008C4C70: _memmove.LIBCMT ref: 008C4CBA

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Library$Free$Load__wfsopen_memmove
String ID:
API String ID: 1396898556-0
Opcode ID: 12450fcd2a1191a1732378e8792a19067217cb71a5c9081808e3812a805d945e
Instruction ID: 1ca7ec57b748236eda559cf52306bb605160d29e424771b392dfe0db49b18818
Opcode Fuzzy Hash: 12450fcd2a1191a1732378e8792a19067217cb71a5c9081808e3812a805d945e
Instruction Fuzzy Hash: 5A11C431610209ABCF14AFB8C826FAD77B5FF44764F10982DFA41E7181DA71D9409752

Function 008FFD85 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 008FFD91

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 147f5f1a67a552a16e7819e5fb40531189a1f665e0c0b05b6a8fd9cf0d520f61
Instruction ID: ec6df2c522ad72d80b7e1dfab4dc54ddf24cd635cfce272c4ccebefa055259b2
Opcode Fuzzy Hash: 147f5f1a67a552a16e7819e5fb40531189a1f665e0c0b05b6a8fd9cf0d520f61
Instruction Fuzzy Hash: EF21EEB49083459FCB18DB24C444F1ABBE0FF89318F05896CE98A97662D731E805CB92

Function 008E4863 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 008E48A6

Part of subcall function 008E8B28: __getptd_noexit.LIBCMT ref: 008E8B28

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __getptd_noexit__lock_file
String ID:
API String ID: 2597487223-0
Opcode ID: 7487a56a62fc9cb7d931aa74256a0d83657d527ebc9c8693ee299abb24bc724b
Instruction ID: b0f1ec74031146f9281b49410e325f37b74c9d3ef1f15f56d90829f043f452ca
Opcode Fuzzy Hash: 7487a56a62fc9cb7d931aa74256a0d83657d527ebc9c8693ee299abb24bc724b
Instruction Fuzzy Hash: 96F0A431900699EBDF11AFAA8C0579E36A1FF03325F159424F41CD6192DB788951DB52

Function 008C4E4A Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,009852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 008C4E7E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 47c43574996959b277b136748a143ea4fd64ce6c6315dffe8c0351df0f0940df
Instruction ID: 3a3994966561110a1bac36a635331f7f0197bc774536ccff3400bbf1da8ebaa6
Opcode Fuzzy Hash: 47c43574996959b277b136748a143ea4fd64ce6c6315dffe8c0351df0f0940df
Instruction Fuzzy Hash: 5FF0F271505716CFCB349F64E8A4D52BBF1FB153393219A2EE19A82620C732E880DB40

Function 008E0791 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 008E07B0

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LongNamePath_memmove
String ID:
API String ID: 2514874351-0
Opcode ID: 148e3bd7a4c9d8ca1511ddab430751c03cc4b95576889f31f4b1bee5f43b1232
Instruction ID: eeaf20d0b61b18bd2106c481af2c72d02a786c50e496a3137135a0e2380dca8b
Opcode Fuzzy Hash: 148e3bd7a4c9d8ca1511ddab430751c03cc4b95576889f31f4b1bee5f43b1232
Instruction Fuzzy Hash: CBE08636A051285BC720966C9C05FEA77ADEB897A0F0441B5FD08D7204D9A1AC9086D1

Function 00928E9F Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00928EC1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 36e66934677415102e9643fee0822ecf6e22e0db5db5ed1a6e3653ba213ae753
Instruction ID: f9c3d126f0c15cb7bba92c67188adc6257916b57854368289d835588c29f1cfc
Opcode Fuzzy Hash: 36e66934677415102e9643fee0822ecf6e22e0db5db5ed1a6e3653ba213ae753
Instruction Fuzzy Hash: 81E092B0104B105BD7389A24D801BA373E5FB06304F00081DF2AAC3241EF6278418759

Function 013E45A0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?), ref: 013E45AB

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 195c23eedc4a89e51baf60bc3cc3d10d01908f8b29aed20e491e172ce03d4d2a
Instruction ID: 3f0f8f2b396383cba72727b2b23564165e87da501527aa77f5c8450371fcae65
Opcode Fuzzy Hash: 195c23eedc4a89e51baf60bc3cc3d10d01908f8b29aed20e491e172ce03d4d2a
Instruction Fuzzy Hash: BFE08C30A0531CEBDB25CAE88C08AA977E8D708324F008B54E906C3AC0D5308A449A14

Function 013E4570 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?), ref: 013E457B

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 63700976fb5b8646ca9f82f7877e0f33cef2a649cb81b4b88ad66ba6039b9afc
Instruction ID: a1fb60b9714f315da519cf604e0ae16b29949d81dba6c75655069e6b6cc57104
Opcode Fuzzy Hash: 63700976fb5b8646ca9f82f7877e0f33cef2a649cb81b4b88ad66ba6039b9afc
Instruction Fuzzy Hash: 96D05E3090530CEBCB10CAA898089DA73EC970C324F004B64F915C36C0D53199409650

Function 008E525B Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 008E5266

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction ID: 55efde0e6157d92c34e26b883d3877cf6363e8fc8f46e055f31ff3497b989278
Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction Fuzzy Hash: E0B0927644020C77CE012A86EC02A493B1AAB42B68F408020FF0C1C162A673A6649A8A

Function 013E5F5C Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000001F4), ref: 013E5F71

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
Instruction ID: a5432b74875c7b8e6c5504ff20e9c23be353d72940693baa711b53612a474728
Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
Instruction Fuzzy Hash: 69E0BF7494420DEFDB00EFA4D54D6DE7BB4EF04301F1006A1FD05D7681DB309E648A62

Function 013E5F60 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000001F4), ref: 013E5F71

Memory Dump Source

Source File: 00000000.00000002.2212081241.00000000013E3000.00000040.00000020.00020000.00000000.sdmp, Offset: 013E3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_13e3000_2XnMqJW0u1.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction ID: b04d4034e0ec402a54dc8b093ddbf583f4cfd9357314aea1130fbbd6e6cc33d8
Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
Instruction Fuzzy Hash: 75E0BF7494420DDFDB00EFA4D54969E7BB4EF04301F100261FD0192281D63099608A62

Non-executed Functions

Function 0094CABC Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 632windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0094CB37
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0094CB95
GetWindowLongW.USER32(?,000000F0), ref: 0094CBD6
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0094CC00
SendMessageW.USER32 ref: 0094CC29
_wcsncpy.LIBCMT ref: 0094CC95
GetKeyState.USER32(00000011), ref: 0094CCB6
GetKeyState.USER32(00000009), ref: 0094CCC3
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0094CCD9
GetKeyState.USER32(00000010), ref: 0094CCE3
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0094CD0C
SendMessageW.USER32 ref: 0094CD33
SendMessageW.USER32(?,00001030,?,0094B348), ref: 0094CE37
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0094CE4D
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0094CE60
SetCapture.USER32(?), ref: 0094CE69
ClientToScreen.USER32(?,?), ref: 0094CECE
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0094CEDB
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0094CEF5
ReleaseCapture.USER32 ref: 0094CF00
GetCursorPos.USER32(?), ref: 0094CF3A
ScreenToClient.USER32(?,?), ref: 0094CF47
SendMessageW.USER32(?,00001012,00000000,?), ref: 0094CFA3
SendMessageW.USER32 ref: 0094CFD1
SendMessageW.USER32(?,00001111,00000000,?), ref: 0094D00E
SendMessageW.USER32 ref: 0094D03D
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0094D05E
SendMessageW.USER32(?,0000110B,00000009,?), ref: 0094D06D
GetCursorPos.USER32(?), ref: 0094D08D
ScreenToClient.USER32(?,?), ref: 0094D09A
GetParent.USER32(?), ref: 0094D0BA
SendMessageW.USER32(?,00001012,00000000,?), ref: 0094D123
SendMessageW.USER32 ref: 0094D154
ClientToScreen.USER32(?,?), ref: 0094D1B2
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0094D1E2
SendMessageW.USER32(?,00001111,00000000,?), ref: 0094D20C
SendMessageW.USER32 ref: 0094D22F
ClientToScreen.USER32(?,?), ref: 0094D281
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0094D2B5

Part of subcall function 008C25DB: GetWindowLongW.USER32(?,000000EB), ref: 008C25EC

GetWindowLongW.USER32(?,000000F0), ref: 0094D351

Strings

F, xrefs: 0094D235
@GUI_DRAGID, xrefs: 0094CE9C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
String ID: @GUI_DRAGID$F
API String ID: 3977979337-4164748364
Opcode ID: a6026a77cc65425b81705adc568d6651c28e4871ab69329157352dadf7c886b9
Instruction ID: ae1f24c4d9a5c7b23d7f523fe7fbbd25be628a007a96ffabf954293f4b743865
Opcode Fuzzy Hash: a6026a77cc65425b81705adc568d6651c28e4871ab69329157352dadf7c886b9
Instruction Fuzzy Hash: 9A428CB820A241AFD724CF28D889EAABBE9FF49314F140919F595D72B0C731D854EB52

Function 00947DDB Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 571windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000400,00000000,00000000), ref: 009484D0

Strings

%d/%02d/%02d, xrefs: 00948209

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend
String ID: %d/%02d/%02d
API String ID: 3850602802-328681919
Opcode ID: 690e0c6929590392028d59c8315781705df5812fb50af554e4ae0a47f8644f59
Instruction ID: c5c16344f49c81a6a2c1247d8aa842686541a16a04b0a120fb4cd9b6c0a9e0f1
Opcode Fuzzy Hash: 690e0c6929590392028d59c8315781705df5812fb50af554e4ae0a47f8644f59
Instruction Fuzzy Hash: 0B12F17161420AABEB248F68CC49FAF7BF8FF46350F104569F915EA2E1DBB48941DB10

Function 008D6F9E Relevance: 48.8, APIs: 19, Strings: 6, Instructions: 5018COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 008D71C3
_memset.LIBCMT ref: 008D7539
_memmove.LIBCMT ref: 008D76AC

Strings

\b(?=\w), xrefs: 00913769
[:>:]], xrefs: 008D7492
\b(?<=\w), xrefs: 00913773
Q\E, xrefs: 008D7FCB
[:<:]], xrefs: 008D7479
DEFINE, xrefs: 00912103

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove$_memset
String ID: DEFINE$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
API String ID: 1357608183-1798697756
Opcode ID: 92a221016ae5fc49c1a26b924616927de7f080834aef9e1e674123442a08ee1e
Instruction ID: fd3a29b0d0bec2b31302e0340090b412b22ce20c5aed0a3ab2d94942bc7c7c00
Opcode Fuzzy Hash: 92a221016ae5fc49c1a26b924616927de7f080834aef9e1e674123442a08ee1e
Instruction Fuzzy Hash: EA937B75B042199BDB24CF98D881BEDB7B1FF48710F24856AE959EB380E7749E81CB40

Function 008C48D7 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?), ref: 008C48DF
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008FD665
IsIconic.USER32(?), ref: 008FD66E
ShowWindow.USER32(?,00000009), ref: 008FD67B
SetForegroundWindow.USER32(?), ref: 008FD685
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008FD69B
GetCurrentThreadId.KERNEL32 ref: 008FD6A2
GetWindowThreadProcessId.USER32(?,00000000), ref: 008FD6AE
AttachThreadInput.USER32(?,00000000,00000001), ref: 008FD6BF
AttachThreadInput.USER32(?,00000000,00000001), ref: 008FD6C7
AttachThreadInput.USER32(00000000,?,00000001), ref: 008FD6CF
SetForegroundWindow.USER32(?), ref: 008FD6D2
MapVirtualKeyW.USER32(00000012,00000000), ref: 008FD6E7
keybd_event.USER32(00000012,00000000), ref: 008FD6F2
MapVirtualKeyW.USER32(00000012,00000000), ref: 008FD6FC
keybd_event.USER32(00000012,00000000), ref: 008FD701
MapVirtualKeyW.USER32(00000012,00000000), ref: 008FD70A
keybd_event.USER32(00000012,00000000), ref: 008FD70F
MapVirtualKeyW.USER32(00000012,00000000), ref: 008FD719
keybd_event.USER32(00000012,00000000), ref: 008FD71E
SetForegroundWindow.USER32(?), ref: 008FD721
AttachThreadInput.USER32(?,?,00000000), ref: 008FD748

Strings

Shell_TrayWnd, xrefs: 008FD660

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: 50243b14e2f2ffedd2b00daa43714b360fdabfb7a66134f3f6db26a93f5c658b
Instruction ID: 45797376f62c2ed05053f74faeb844478b05e5bc4b63ca99617a14ad69273328
Opcode Fuzzy Hash: 50243b14e2f2ffedd2b00daa43714b360fdabfb7a66134f3f6db26a93f5c658b
Instruction Fuzzy Hash: 15317275A5431CBAEB206BB19C49F7F7E6DEB45B50F114025FB04EA1D1DAB05900BAA0

Function 00918310 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 009187E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091882B
Part of subcall function 009187E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00918858
Part of subcall function 009187E1: GetLastError.KERNEL32 ref: 00918865

_memset.LIBCMT ref: 00918353
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 009183A5
CloseHandle.KERNEL32(?), ref: 009183B6
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 009183CD
GetProcessWindowStation.USER32 ref: 009183E6
SetProcessWindowStation.USER32(00000000), ref: 009183F0
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0091840A

Part of subcall function 009181CB: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00918309), ref: 009181E0
Part of subcall function 009181CB: CloseHandle.KERNEL32(?,?,00918309), ref: 009181F2

Strings

default, xrefs: 00918405
, xrefs: 00918362
winsta0, xrefs: 009183C8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
String ID: $default$winsta0
API String ID: 2063423040-1027155976
Opcode ID: 4391fc66b14f0aa9f6a63bc5ca099963a4eb2d896c6e98f9af039d09613b05a1
Instruction ID: 6212157d0d662fb336e3606f3c0334c70104ec19862d41108b670cb8cca1c298
Opcode Fuzzy Hash: 4391fc66b14f0aa9f6a63bc5ca099963a4eb2d896c6e98f9af039d09613b05a1
Instruction Fuzzy Hash: 57815975A0420EAFDF119FA4CC45AEFBBBDFF05304F1441A9F914A6161EB358A94EB20

Function 0092C75C Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 0092C78D
FindClose.KERNEL32(00000000), ref: 0092C7E1
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0092C806
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0092C81D
FileTimeToSystemTime.KERNEL32(?,?), ref: 0092C844
__swprintf.LIBCMT ref: 0092C890
__swprintf.LIBCMT ref: 0092C8D3

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

__swprintf.LIBCMT ref: 0092C927

Part of subcall function 008E3698: __woutput_l.LIBCMT ref: 008E36F1

__swprintf.LIBCMT ref: 0092C975

Part of subcall function 008E3698: __flsbuf.LIBCMT ref: 008E3713
Part of subcall function 008E3698: __flsbuf.LIBCMT ref: 008E372B

__swprintf.LIBCMT ref: 0092C9C4
__swprintf.LIBCMT ref: 0092CA13
__swprintf.LIBCMT ref: 0092CA62

Strings

%4d, xrefs: 0092C8CD
%02d, xrefs: 0092C91B, 0092C925, 0092C973, 0092C9C2, 0092CA11, 0092CA60
%4d%02d%02d%02d%02d%02d, xrefs: 0092C88A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
API String ID: 3953360268-2428617273
Opcode ID: d129fe210baf4b1f884ffdb7d6a02c9d6d44f8ead1ec3ca5bca1963ce6cef605
Instruction ID: 066ad1d63562e20d143323d7afc72530772be27387fec4f56eb6abe5a1a95ff6
Opcode Fuzzy Hash: d129fe210baf4b1f884ffdb7d6a02c9d6d44f8ead1ec3ca5bca1963ce6cef605
Instruction Fuzzy Hash: A3A11CB2408245ABC710EBA8D889EAFB7FCFF95704F40496DF595C6151EA34DA08CB63

Function 0092EF95 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0092EFB6
_wcscmp.LIBCMT ref: 0092EFCB
_wcscmp.LIBCMT ref: 0092EFE2
GetFileAttributesW.KERNEL32(?), ref: 0092EFF4
SetFileAttributesW.KERNEL32(?,?), ref: 0092F00E
FindNextFileW.KERNEL32(00000000,?), ref: 0092F026
FindClose.KERNEL32(00000000), ref: 0092F031
FindFirstFileW.KERNEL32(*.*,?), ref: 0092F04D
_wcscmp.LIBCMT ref: 0092F074
_wcscmp.LIBCMT ref: 0092F08B
SetCurrentDirectoryW.KERNEL32(?), ref: 0092F09D
SetCurrentDirectoryW.KERNEL32(00978920), ref: 0092F0BB
FindNextFileW.KERNEL32(00000000,00000010), ref: 0092F0C5
FindClose.KERNEL32(00000000), ref: 0092F0D2
FindClose.KERNEL32(00000000), ref: 0092F0E4

Strings

*.*, xrefs: 0092F048

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*
API String ID: 1803514871-438819550
Opcode ID: ce47b6e2ba6117c34d73a48097b92aceffcfd0b5c64440a9ab708b1f5be5acad
Instruction ID: 2dae1432dc04ff77899009721fc0062142c5110c737619213f82f84c0442b83a
Opcode Fuzzy Hash: ce47b6e2ba6117c34d73a48097b92aceffcfd0b5c64440a9ab708b1f5be5acad
Instruction Fuzzy Hash: E53102365402296BCB14AFA4EC68EEE77BCEF4A360F004175E804E30A1DB70DE40DA61

Function 00940857 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00940953
RegCreateKeyExW.ADVAPI32(?,?,00000000,0094F910,00000000,?,00000000,?,?), ref: 009409C1
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00940A09
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00940A92
RegCloseKey.ADVAPI32(?), ref: 00940DB2
RegCloseKey.ADVAPI32(00000000), ref: 00940DBF

Strings

REG_DWORD, xrefs: 00940C83
REG_MULTI_SZ, xrefs: 00940B7A
REG_SZ, xrefs: 00940AD0
REG_BINARY, xrefs: 00940D4D
REG_QWORD, xrefs: 00940D00
REG_EXPAND_SZ, xrefs: 00940A2F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Close$ConnectCreateRegistryValue
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 536824911-966354055
Opcode ID: 1480a1c04176310122f87fd4eaa6febd20b65979b7de4261bb7dad028b548551
Instruction ID: ab29d26cbcb81a9464c0940c7b3fe3aab30c3db3c5a9f32e17981e8e976c3dab
Opcode Fuzzy Hash: 1480a1c04176310122f87fd4eaa6febd20b65979b7de4261bb7dad028b548551
Instruction Fuzzy Hash: AE024B756046119FCB14DF18C855E2AB7E9FF89714F04896CF98A9B3A2CB34EC45CB82

Function 0092F0F2 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,76228FB0,?,00000000), ref: 0092F113
_wcscmp.LIBCMT ref: 0092F128
_wcscmp.LIBCMT ref: 0092F13F

Part of subcall function 00924385: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 009243A0

FindNextFileW.KERNEL32(00000000,?), ref: 0092F16E
FindClose.KERNEL32(00000000), ref: 0092F179
FindFirstFileW.KERNEL32(*.*,?), ref: 0092F195
_wcscmp.LIBCMT ref: 0092F1BC
_wcscmp.LIBCMT ref: 0092F1D3
SetCurrentDirectoryW.KERNEL32(?), ref: 0092F1E5
SetCurrentDirectoryW.KERNEL32(00978920), ref: 0092F203
FindNextFileW.KERNEL32(00000000,00000010), ref: 0092F20D
FindClose.KERNEL32(00000000), ref: 0092F21A
FindClose.KERNEL32(00000000), ref: 0092F22C

Strings

*.*, xrefs: 0092F190

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
String ID: *.*
API String ID: 1824444939-438819550
Opcode ID: 2855b23f63c27990b92996179644812f7be0b62cfc7e4bbde64a350e25b75ebc
Instruction ID: 133ff91f3e4485277f8b7ac3c3a859b79b92155b692200a3104b08e22e901890
Opcode Fuzzy Hash: 2855b23f63c27990b92996179644812f7be0b62cfc7e4bbde64a350e25b75ebc
Instruction Fuzzy Hash: 1831053650422AAACF109FA4FC68EEE77BCAF86364F100175E814E31A1DB30DE45DE54

Function 0092A1EF Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0092A20F
__swprintf.LIBCMT ref: 0092A231
CreateDirectoryW.KERNEL32(?,00000000), ref: 0092A26E
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0092A293
_memset.LIBCMT ref: 0092A2B2
_wcsncpy.LIBCMT ref: 0092A2EE
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0092A323
CloseHandle.KERNEL32(00000000), ref: 0092A32E
RemoveDirectoryW.KERNEL32(?), ref: 0092A337
CloseHandle.KERNEL32(00000000), ref: 0092A341

Strings

\??\%s, xrefs: 0092A22B
\, xrefs: 0092A247
:, xrefs: 0092A252

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
String ID: :$\$\??\%s
API String ID: 2733774712-3457252023
Opcode ID: d3edfa35300615a418d09d0f6c923f8d4ded60ade706e65a4d22ed4e5b12356f
Instruction ID: 77c95c5afd2ed1202b3bdaee87489e69307db2e2a547afe1f6abfd27b523d55a
Opcode Fuzzy Hash: d3edfa35300615a418d09d0f6c923f8d4ded60ade706e65a4d22ed4e5b12356f
Instruction Fuzzy Hash: 9E31E5B690411AABDB20DFA4DC49FEB37BCFF89740F1040B6F608D2160EB7096448B65

Function 00917CAF Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00918202: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0091821E
Part of subcall function 00918202: GetLastError.KERNEL32(?,00917CE2,?,?,?), ref: 00918228
Part of subcall function 00918202: GetProcessHeap.KERNEL32(00000008,?,?,00917CE2,?,?,?), ref: 00918237
Part of subcall function 00918202: HeapAlloc.KERNEL32(00000000,?,00917CE2,?,?,?), ref: 0091823E
Part of subcall function 00918202: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00918255

Part of subcall function 0091829F: GetProcessHeap.KERNEL32(00000008,00917CF8,00000000,00000000,?,00917CF8,?), ref: 009182AB
Part of subcall function 0091829F: HeapAlloc.KERNEL32(00000000,?,00917CF8,?), ref: 009182B2
Part of subcall function 0091829F: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00917CF8,?), ref: 009182C3

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00917D13
_memset.LIBCMT ref: 00917D28
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00917D47
GetLengthSid.ADVAPI32(?), ref: 00917D58
GetAce.ADVAPI32(?,00000000,?), ref: 00917D95
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00917DB1
GetLengthSid.ADVAPI32(?), ref: 00917DCE
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00917DDD
HeapAlloc.KERNEL32(00000000), ref: 00917DE4
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00917E05
CopySid.ADVAPI32(00000000), ref: 00917E0C
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00917E3D
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00917E63
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00917E77

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 26a4ea6254c4e9dc425a06a0d37c21641c237f10bdc5a3b89f56ac93d75e2dd0
Instruction ID: fba7d3dfd01497114cc683e4096da80f35d1576ef6fe5debab1b1307224c227c
Opcode Fuzzy Hash: 26a4ea6254c4e9dc425a06a0d37c21641c237f10bdc5a3b89f56ac93d75e2dd0
Instruction Fuzzy Hash: A2616C75A0420EAFDF00CFA4EC44EEEBBB9FF45300F148169E815A62A1DB319A45DB60

Function 008D66E1 Relevance: 18.4, Strings: 14, Instructions: 889COMMON

Download Yara Rule

Strings

UTF), xrefs: 009110FA
BSR_UNICODE), xrefs: 00911338
LIMIT_RECURSION=, xrefs: 009111FC
CRLF), xrefs: 009112C1
NO_START_OPT), xrefs: 0091114F
CR), xrefs: 00911287
NO_AUTO_POSSESS), xrefs: 0091112E
ANYCRLF), xrefs: 009112FB
BSR_ANYCRLF), xrefs: 0091131E
ANY), xrefs: 009112DE
LF), xrefs: 009112A4
UTF16), xrefs: 009110CF
UCP), xrefs: 0091110D
LIMIT_MATCH=, xrefs: 00911170

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
API String ID: 0-4052911093
Opcode ID: 912780ba5b7cd78150b4c6c5a01527b237ac2b19e5f76f3594a96adb270db056
Instruction ID: 970f32b8d98dab146a021035a0c22aaec64d8b04357b3956048b46f3aeed991d
Opcode Fuzzy Hash: 912780ba5b7cd78150b4c6c5a01527b237ac2b19e5f76f3594a96adb270db056
Instruction Fuzzy Hash: 3D725B75E0021DDBDB24CF59C8807EEB7B5FF48710F14816AE959EB290EB749A81CB90

Function 0092001C Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00920097
SetKeyboardState.USER32(?), ref: 00920102
GetAsyncKeyState.USER32(000000A0), ref: 00920122
GetKeyState.USER32(000000A0), ref: 00920139
GetAsyncKeyState.USER32(000000A1), ref: 00920168
GetKeyState.USER32(000000A1), ref: 00920179
GetAsyncKeyState.USER32(00000011), ref: 009201A5
GetKeyState.USER32(00000011), ref: 009201B3
GetAsyncKeyState.USER32(00000012), ref: 009201DC
GetKeyState.USER32(00000012), ref: 009201EA
GetAsyncKeyState.USER32(0000005B), ref: 00920213
GetKeyState.USER32(0000005B), ref: 00920221

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 3b7c4cc66ba8fc24ce67f14a858237a8b80ea3e55d1b5b3226fd9fb390877af7
Instruction ID: 5cd981e523fcadfb796c82af6fc357c3ab0cb47e0f62eee2417fcc246d198ed2
Opcode Fuzzy Hash: 3b7c4cc66ba8fc24ce67f14a858237a8b80ea3e55d1b5b3226fd9fb390877af7
Instruction Fuzzy Hash: 44511E309087A819FB35DBB0A8547EABFB89F81380F08459ED5C1571C7DA649B8CC761

Function 009403DA Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00940E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093FDAD,?,?), ref: 00940E31

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 009404AC

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 0094054B
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 009405E3
RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00940822
RegCloseKey.ADVAPI32(00000000), ref: 0094082F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
String ID:
API String ID: 1240663315-0
Opcode ID: 38d483be2c66ca251d1aa198757294b1d19287b91bfead19247e61805f647e82
Instruction ID: e0eae1a57d5b08fd5c53c41079fb11ac2f59f6007ad84a265d94ec18494dd431
Opcode Fuzzy Hash: 38d483be2c66ca251d1aa198757294b1d19287b91bfead19247e61805f647e82
Instruction Fuzzy Hash: 18E15E31604214AFCB14DF28C995E2ABBF9FF89714F04896DF94ADB261D631ED01CB92

Function 00934164 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0093418B
EmptyClipboard.USER32 ref: 00934191
GlobalAlloc.KERNEL32(00000002,?), ref: 009341A6
CloseClipboard.USER32 ref: 00934245

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: b4ddf862d421b2331307b3b87c9978a62ca9852c61854c069bd537057382fe65
Instruction ID: 26819837ba890117b60425ba60bcdc4d632c540fcff6110d42a0e12a04bf083d
Opcode Fuzzy Hash: b4ddf862d421b2331307b3b87c9978a62ca9852c61854c069bd537057382fe65
Instruction Fuzzy Hash: D121BF392146159FDB00AF64DC29F6A7BA8FF16710F028029F946DB2A1CB70AC00DB85

Function 009237EF Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008C4743,?,?,008C37AE,?), ref: 008C4770

Part of subcall function 00924A31: GetFileAttributesW.KERNEL32(?,0092370B), ref: 00924A32

FindFirstFileW.KERNEL32(?,?), ref: 009238A3
DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 0092394B
MoveFileW.KERNEL32(?,?), ref: 0092395E
DeleteFileW.KERNEL32(?,?,?,?,?), ref: 0092397B
FindNextFileW.KERNEL32(00000000,00000010), ref: 0092399D
FindClose.KERNEL32(00000000,?,?,?,?), ref: 009239B9

Strings

\*.*, xrefs: 0092384E, 00923857, 0092386C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 4002782344-1173974218
Opcode ID: 0603bb6b926f3113e8959c6c3fb606d963c5d5fd754e42b2f90f8f53e11a1b29
Instruction ID: 7293185c5fefe2514cdbe28b00d690548ce287021bea4c2fd9de3c63dbd09bfa
Opcode Fuzzy Hash: 0603bb6b926f3113e8959c6c3fb606d963c5d5fd754e42b2f90f8f53e11a1b29
Instruction Fuzzy Hash: F551C03580415DAACF01EBA4E992EEDB779AF15300F608069E402B7195EF34AF4DCF61

Function 0092F3F3 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0092F440
Sleep.KERNEL32(0000000A), ref: 0092F470
_wcscmp.LIBCMT ref: 0092F484
_wcscmp.LIBCMT ref: 0092F49F
FindNextFileW.KERNEL32(?,?), ref: 0092F53D
FindClose.KERNEL32(00000000), ref: 0092F553

Strings

*.*, xrefs: 0092F425

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
String ID: *.*
API String ID: 713712311-438819550
Opcode ID: 206478946898e739b3d0924068ff8f6a0e65e64e44cdbb0d5c0f072ec2e96266
Instruction ID: a187593360157d42311f818fb59c515593835c900106757b7837185f83ed424a
Opcode Fuzzy Hash: 206478946898e739b3d0924068ff8f6a0e65e64e44cdbb0d5c0f072ec2e96266
Instruction Fuzzy Hash: 98416C7190421A9BCF14EF68EC69EEEBBB8FF45310F10447AE815A2191DB309A88CF51

Function 008D5760 Relevance: 11.0, APIs: 7, Instructions: 532COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 008D58A5
_memmove.LIBCMT ref: 008D58F5
_memmove.LIBCMT ref: 008D595B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 9f3b19018088d87182f03e8fb0607ea238cd7fbe7f2e541861c0ffc5d7e895b9
Instruction ID: bcff41fc6d60099b61c09232a2233c677d3204f6e59339195bdc7e450e423955
Opcode Fuzzy Hash: 9f3b19018088d87182f03e8fb0607ea238cd7fbe7f2e541861c0ffc5d7e895b9
Instruction Fuzzy Hash: 7A127C70A00609EFDF04DFA9D981AEEB7B5FF48300F10466AE446E7250EB76AD90CB51

Function 00923B12 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008C4743,?,?,008C37AE,?), ref: 008C4770

Part of subcall function 00924A31: GetFileAttributesW.KERNEL32(?,0092370B), ref: 00924A32

FindFirstFileW.KERNEL32(?,?), ref: 00923B89
DeleteFileW.KERNEL32(?,?,?,?), ref: 00923BD9
FindNextFileW.KERNEL32(00000000,00000010), ref: 00923BEA
FindClose.KERNEL32(00000000), ref: 00923C01
FindClose.KERNEL32(00000000), ref: 00923C0A

Strings

\*.*, xrefs: 00923B5B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: adc5e9a0318a834a7587de4c730b7c325c03873b2bbea22e10797c62881e13d7
Instruction ID: 8671b213ad3232609125286ef33f8c178344fcbc0bc0ddbd2a0c0fe4971ddba5
Opcode Fuzzy Hash: adc5e9a0318a834a7587de4c730b7c325c03873b2bbea22e10797c62881e13d7
Instruction Fuzzy Hash: EC317E31009395ABC601EF28E891DAFBBB8BEA5314F404D2DF4D592191EB34DA08CB53

Function 009251BD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 009187E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091882B
Part of subcall function 009187E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00918858
Part of subcall function 009187E1: GetLastError.KERNEL32 ref: 00918865

ExitWindowsEx.USER32(?,00000000), ref: 009251F9

Strings

, xrefs: 009251E7
SeShutdownPrivilege, xrefs: 009251C9
@, xrefs: 009251EC

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $@$SeShutdownPrivilege
API String ID: 2234035333-194228
Opcode ID: 92dc959520b1350ab2aba95c94e200abdcd8d61cf72db942591219ae02238dda
Instruction ID: 3361cf2f368ad89f4c7dfc91e1c15ce6dd2d0a831b643afc206dbcbb5f1e08ae
Opcode Fuzzy Hash: 92dc959520b1350ab2aba95c94e200abdcd8d61cf72db942591219ae02238dda
Instruction Fuzzy Hash: 48012B357A5636ABF7286268BC9AFBB725CEB45350F220821F937E20D6DA715C009690

Function 00936283 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 009362DC
WSAGetLastError.WSOCK32(00000000), ref: 009362EB
bind.WSOCK32(00000000,?,00000010), ref: 00936307
listen.WSOCK32(00000000,00000005), ref: 00936316
WSAGetLastError.WSOCK32(00000000), ref: 00936330
closesocket.WSOCK32(00000000,00000000), ref: 00936344

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorLast$bindclosesocketlistensocket
String ID:
API String ID: 1279440585-0
Opcode ID: ec2cbb2187e7cdf70bf7d3435f2183b8015c576fe9b6aad53b3b82868f3e0891
Instruction ID: a5c335647b744fdfc4cca27e6fd4fdecaddd7ffe8c64b9082e327074fabadefb
Opcode Fuzzy Hash: ec2cbb2187e7cdf70bf7d3435f2183b8015c576fe9b6aad53b3b82868f3e0891
Instruction Fuzzy Hash: E821BB35600205AFCB10AF68C849F6EB7B9EF49720F1481A8E856E7391CB70AC01DB51

Function 008D5520 Relevance: 8.0, APIs: 5, Instructions: 516COMMON

Download Yara Rule

APIs

Part of subcall function 008E0DB6: std::exception::exception.LIBCMT ref: 008E0DEC
Part of subcall function 008E0DB6: __CxxThrowException@8.LIBCMT ref: 008E0E01

_memmove.LIBCMT ref: 00910258
_memmove.LIBCMT ref: 0091036D
_memmove.LIBCMT ref: 00910414

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove$Exception@8Throwstd::exception::exception
String ID:
API String ID: 1300846289-0
Opcode ID: 84c844ab44ebf4e8c92b42ddbefd18340044b685646733719524cdb13d2686b8
Instruction ID: 81ee86f0592671d981dd1312289f6a180dfcb8718515fb48dcb2e0c5aef71505
Opcode Fuzzy Hash: 84c844ab44ebf4e8c92b42ddbefd18340044b685646733719524cdb13d2686b8
Instruction Fuzzy Hash: 4F02B070B00609DBCF04DF69D981AAEBBB5FF84300F14846AE80ADB355EB75D994CB91

Function 008C1287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

DefDlgProcW.USER32(?,?,?,?,?), ref: 008C19FA
GetSysColor.USER32(0000000F), ref: 008C1A4E
SetBkColor.GDI32(?,00000000), ref: 008C1A61

Part of subcall function 008C1290: DefDlgProcW.USER32(?,00000020,?), ref: 008C12D8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ColorProc$LongWindow
String ID:
API String ID: 3744519093-0
Opcode ID: ed7b905723a36771c27940bd912db1c486a906be113bc33ca0784456ac407f3f
Instruction ID: a49b1a322cc01ae9ac0f0ebf7a15515051bc85ebca83690826c697a924457492
Opcode Fuzzy Hash: ed7b905723a36771c27940bd912db1c486a906be113bc33ca0784456ac407f3f
Instruction Fuzzy Hash: 26A127B021656CBAEE28AA399CCCF7B297DFB83745B14011EF503D5293DA30DD019672

Function 0092BCBC Relevance: 7.6, APIs: 5, Instructions: 143fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 0092BCE6
_wcscmp.LIBCMT ref: 0092BD16
_wcscmp.LIBCMT ref: 0092BD2B
FindNextFileW.KERNEL32(00000000,?), ref: 0092BD3C
FindClose.KERNEL32(00000000,00000001,00000000), ref: 0092BD6C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstNext
String ID:
API String ID: 2387731787-0
Opcode ID: 7d03c919afae80c3afb0cb40fbe59fc7e4763a8c3d5d200a987ad8e17be1a555
Instruction ID: 0ddd314f255cae46b72b572be85cd1027743642ee6bdd0e6ba6d12b299c92c42
Opcode Fuzzy Hash: 7d03c919afae80c3afb0cb40fbe59fc7e4763a8c3d5d200a987ad8e17be1a555
Instruction Fuzzy Hash: 03515A756046129FC714DF68D490EAAB3E8FF4A324F104A6DE95AC73A1DB30ED04CB92

Function 00936747 Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00937D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00937DB6

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0093679E
WSAGetLastError.WSOCK32(00000000), ref: 009367C7
bind.WSOCK32(00000000,?,00000010), ref: 00936800
WSAGetLastError.WSOCK32(00000000), ref: 0093680D
closesocket.WSOCK32(00000000,00000000), ref: 00936821

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorLast$bindclosesocketinet_addrsocket
String ID:
API String ID: 99427753-0
Opcode ID: 239f7dee809ae58f4f67d60138e6d877a52ae19fddece23a91e767b226b4d7f1
Instruction ID: c83f1696a7d09685cedbfdcf5769f3a19ec15ce8d3ec10168c54dd049269ff68
Opcode Fuzzy Hash: 239f7dee809ae58f4f67d60138e6d877a52ae19fddece23a91e767b226b4d7f1
Instruction Fuzzy Hash: A741B875640210AFDB50AF688C86F6E77F8EB45714F44846CF95AEB3D2CA74DD008B92

Function 00945376 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 009453C5
IsWindowEnabled.USER32 ref: 009453D3
GetForegroundWindow.USER32(?,?,00000001), ref: 009453E0
IsIconic.USER32 ref: 009453EE
IsZoomed.USER32 ref: 009453FC

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 9fc64ee7139c18074e5941ec40e3b71c415114677d3dc015d6dad67bef8bda1c
Instruction ID: d27f53ad7b5829e802c94ee48f7270430637fe2ebbdf916806a0e43f8c802320
Opcode Fuzzy Hash: 9fc64ee7139c18074e5941ec40e3b71c415114677d3dc015d6dad67bef8bda1c
Instruction Fuzzy Hash: 7411E232310915AFEB206F669C58F6E7BACFF457A0B024438F845D7242CB70DC018AA1

Function 009180A9 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 009180C0
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 009180CA
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 009180D9
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 009180E0
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 009180F6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 1c2c3cc59c03a545672596fa1d295b16b3945ffaf8c8c9a1ed4331be2f3a6d86
Instruction ID: 9c98471589bf6b256ab9cefc38e62ad9e57bd59494b9bf767f308a04386cfd32
Opcode Fuzzy Hash: 1c2c3cc59c03a545672596fa1d295b16b3945ffaf8c8c9a1ed4331be2f3a6d86
Instruction Fuzzy Hash: 86F0623536C209BFEB200FA5EC9DEA73BACEF8A755B000025F945C6150CB619C41EA60

Function 0092C397 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0092C432
CoCreateInstance.OLE32(00952D6C,00000000,00000001,00952BDC,?), ref: 0092C44A

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

CoUninitialize.OLE32 ref: 0092C6B7

Strings

.lnk, xrefs: 0092C3C6, 0092C3EE, 0092C3F8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_memmove
String ID: .lnk
API String ID: 2683427295-24824748
Opcode ID: 17bf5ae4a68f41344c7d1a72a34373698466fceb5b36386e838b00e4291f7c76
Instruction ID: a271e7d92931c8888567a533ce153bf8c2471f84b8c7db725b5779e5ce3141c5
Opcode Fuzzy Hash: 17bf5ae4a68f41344c7d1a72a34373698466fceb5b36386e838b00e4291f7c76
Instruction Fuzzy Hash: E0A12A71104205AFD700EF58C885EABB7B8FF89354F00496CF596D7192DB71E949CB62

Function 008C4B37 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,008C4AD0), ref: 008C4B45
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 008C4B57

Strings

kernel32.dll, xrefs: 008C4B40
GetNativeSystemInfo, xrefs: 008C4B51

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 2574300362-192647395
Opcode ID: 19418989b65533bc8361a8397166d4bc5ad7dea83ccda63e7ee15e382097f0c1
Instruction ID: cc5741964405f955d578aed3b7acfa7cab1ff85d9d22fb720f5f38d9dd2ac2db
Opcode Fuzzy Hash: 19418989b65533bc8361a8397166d4bc5ad7dea83ccda63e7ee15e382097f0c1
Instruction Fuzzy Hash: 85D01275A14713CFD7209F72D838F4676F4EF46395B11883D9485D6150E670D8C0C654

Function 008D3030 Relevance: 6.6, APIs: 4, Instructions: 587COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __itow__swprintf
String ID:
API String ID: 674341424-0
Opcode ID: 3a25a71f3523d0ecc41e66f2e464291f8ff5f1dd7897e531bf15b363d81f61c2
Instruction ID: 004f697de47ab56b95fb37749650f272b788e8848bada8f168eefa1e9445a2fe
Opcode Fuzzy Hash: 3a25a71f3523d0ecc41e66f2e464291f8ff5f1dd7897e531bf15b363d81f61c2
Instruction Fuzzy Hash: 182256716083019FD724DF28C881B6AB7E5FB84714F004A2EF99A97391DB75EA44CB93

Function 0093EE0D Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 0093EE3D
Process32FirstW.KERNEL32(00000000,?), ref: 0093EE4B

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Process32NextW.KERNEL32(00000000,?), ref: 0093EF0B
CloseHandle.KERNEL32(00000000,?,?,?), ref: 0093EF1A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
String ID:
API String ID: 2576544623-0
Opcode ID: dd58778be4bc2f319772dac1a22a5a4230973e2be7023d5c414b280492f52ba1
Instruction ID: 1e452efc170e29569ec48d8cb152dd920e070f119a6ce32e097ac064562c511c
Opcode Fuzzy Hash: dd58778be4bc2f319772dac1a22a5a4230973e2be7023d5c414b280492f52ba1
Instruction Fuzzy Hash: 9D515A71508711ABD320EF24D885F6BBBE8FF98710F50482DF595D62A1EA70E908CB92

Function 0091E616 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,?,?,00000000), ref: 0091E628

Strings

(, xrefs: 0091E66E
|, xrefs: 0091E658

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: lstrlen
String ID: ($|
API String ID: 1659193697-1631851259
Opcode ID: 5bbf6f198e9df76c7f4215e5fbd4359a5813a3e99ea772553a31d48689687d25
Instruction ID: c44dbb0cfe1fe3b70d3521d992e3eb0d7344bc5f9aed8c762d31297519e7f50f
Opcode Fuzzy Hash: 5bbf6f198e9df76c7f4215e5fbd4359a5813a3e99ea772553a31d48689687d25
Instruction Fuzzy Hash: A6322775A007059FDB28CF19C4819AAB7F1FF48320B55C56EE89ADB3A1E770E981CB44

Function 009322EE Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0093180A,00000000), ref: 009323E1
InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00932418

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Internet$AvailableDataFileQueryRead
String ID:
API String ID: 599397726-0
Opcode ID: 958353eb9e5e84e4d7dabc97fe55d6e119554c4ea0512718e3392fa5ea487c03
Instruction ID: bc31b1fd2171d599d0c13df71b8aac4ab64ee4f6f8e263dea3392cf096a14935
Opcode Fuzzy Hash: 958353eb9e5e84e4d7dabc97fe55d6e119554c4ea0512718e3392fa5ea487c03
Instruction Fuzzy Hash: 8F410571A04309BFEB10DF95DC85FBBB7BCEB40724F10442AF605A6150EA79AE419E61

Function 0092B3FB Relevance: 4.6, APIs: 3, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0092B40B
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0092B465
SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0092B4B2

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 14fcc9b0c01ebb62f3899e0c2be9dc3a0284eeddb5585bd5b791361ae3826015
Instruction ID: e05b68ab301b58f99523ac38ecc171f5044a5b2f263c9d7b98f1f561db8ac753
Opcode Fuzzy Hash: 14fcc9b0c01ebb62f3899e0c2be9dc3a0284eeddb5585bd5b791361ae3826015
Instruction Fuzzy Hash: E2215E35A10518EFCB00EFA5E894EEEBBB8FF49310F1480A9E905EB361CB319955CB51

Function 009187E1 Relevance: 4.6, APIs: 3, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 008E0DB6: std::exception::exception.LIBCMT ref: 008E0DEC
Part of subcall function 008E0DB6: __CxxThrowException@8.LIBCMT ref: 008E0E01

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0091882B
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00918858
GetLastError.KERNEL32 ref: 00918865

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
String ID:
API String ID: 1922334811-0
Opcode ID: bad215f72f4389c418f65930c62c8a0e7f11b86c76de023f4317e15721230497
Instruction ID: 7c4ae3b13f5e83c67797636afc1fa097acb4d8ed419dbc1baa78d452c88378ab
Opcode Fuzzy Hash: bad215f72f4389c418f65930c62c8a0e7f11b86c76de023f4317e15721230497
Instruction Fuzzy Hash: D9116DB2514209AFE718DFA4DC85D6BB7BCFB45710B20856EF45697241EA70AC809B60

Function 0091874B Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00918774
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0091878B
FreeSid.ADVAPI32(?), ref: 0091879B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: cbb1dbbdbc8e3b76b88f720910b438f678fe6b1955ae30f2f587b838f15bfd0f
Instruction ID: 4aaed882f712ab98e666a7780e646def07da8e8f1f9d435fc67c888c6bd891fc
Opcode Fuzzy Hash: cbb1dbbdbc8e3b76b88f720910b438f678fe6b1955ae30f2f587b838f15bfd0f
Instruction Fuzzy Hash: 53F04979A1130DBFDF04DFF4DC99EAEBBBCEF08301F1044A9A901E2181E6716A449B50

Function 0092C6D1 Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 0092C6FB
FindClose.KERNEL32(00000000), ref: 0092C72B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: a01b7db2659387237af46db09cd7e0d301c85f6cd37f1d0b5bb22e08bf99e57f
Instruction ID: 4a31ee935463f25056abf3cd716091b4fc2a616e782cd4aeab2df5ddc3f95d13
Opcode Fuzzy Hash: a01b7db2659387237af46db09cd7e0d301c85f6cd37f1d0b5bb22e08bf99e57f
Instruction Fuzzy Hash: 6F118E766006049FDB10DF29D849E2AF7E9FF85324F00856DF9A9C7291DB30E801CB81

Function 0092A06A Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00939468,?,0094FB84,?), ref: 0092A097
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00939468,?,0094FB84,?), ref: 0092A0A9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: cc763676fc08ac467325d50fc9c88633aa28f4013d3b9f341ff9d481f1198514
Instruction ID: d415dcd8c7dfa701645b071feea253347e9060b732ea8f619a42a2982c97619d
Opcode Fuzzy Hash: cc763676fc08ac467325d50fc9c88633aa28f4013d3b9f341ff9d481f1198514
Instruction Fuzzy Hash: A4F0273515422DBBDB209FA4DC48FEA776CFF09361F008265FA09D3181C6709900CBE2

Function 009181CB Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00918309), ref: 009181E0
CloseHandle.KERNEL32(?,?,00918309), ref: 009181F2

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: f4606170f1e2d9c049f7abbefa51fb0fcbef9a0217d877d7ebea89f1c5d302bd
Instruction ID: 4aa71c94ba289876d3f44b099618a4ce864471f334dfb93a259dd5e7a6623dde
Opcode Fuzzy Hash: f4606170f1e2d9c049f7abbefa51fb0fcbef9a0217d877d7ebea89f1c5d302bd
Instruction Fuzzy Hash: 71E0B676014612AEE7262B65EC09D777BEAEB053507148829B8A6C4470DB62AC91EB10

Function 008EA155 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,008E8D57,?,?,?,00000001), ref: 008EA15A
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 008EA163

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: abf52d9028111d7b8cccdd5e397889f7a9d3fefe5d2c45adbc77bb7d8d89672f
Instruction ID: 7d2af928cad619a3736012360fb4e1b8e2eadbc7b9779ba09eea58abc818d81d
Opcode Fuzzy Hash: abf52d9028111d7b8cccdd5e397889f7a9d3fefe5d2c45adbc77bb7d8d89672f
Instruction Fuzzy Hash: 36B0923506820AABCA002F91EC19F883F68EB46BE2F404020F60D84060EB625450AA91

Function 008EF1D9 Relevance: 2.1, APIs: 1, Instructions: 645COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46d7c388e050639e5fbd088edbd6f2bac4bee328e7143e040d40f48713a8da87
Instruction ID: 46fb027d672724cd5c5884e658896a3a58cb6e3cf711d7efefe0c401c8c7e169
Opcode Fuzzy Hash: 46d7c388e050639e5fbd088edbd6f2bac4bee328e7143e040d40f48713a8da87
Instruction Fuzzy Hash: CE322222D2DF414DD7239636D832335A689EFB73C5F15C737E82AB59A6EB28C5835200

Function 008F242E Relevance: 1.8, APIs: 1, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c01a586fe6e29dac05d1c1df5325382ff0adea63ef66f9e60d10e471fb05ec
Instruction ID: 469b0d9c8b9b7b09c3729a8c944818ae160c07d1721cbd86dca6e8f55f83b873
Opcode Fuzzy Hash: b1c01a586fe6e29dac05d1c1df5325382ff0adea63ef66f9e60d10e471fb05ec
Instruction Fuzzy Hash: B3B1E220D3AF414DD7239A3A8831336BA5CAFBB2DAF51D71BFC1674D22EB2185835245

Function 00928889 Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

__time64.LIBCMT ref: 0092889B

Part of subcall function 008E520A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00928F6E,00000000,?,?,?,?,0092911F,00000000,?), ref: 008E5213
Part of subcall function 008E520A: __aulldiv.LIBCMT ref: 008E5233

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Time$FileSystem__aulldiv__time64
String ID:
API String ID: 2893107130-0
Opcode ID: 2f3c56af0d966ecc839d8a3f3eb96c5f1166f10d28cf3758c865697ef0a3f7b3
Instruction ID: db1794c8a01ce816255c32ce58f4387420dcddfe0e776dce057404576015fd28
Opcode Fuzzy Hash: 2f3c56af0d966ecc839d8a3f3eb96c5f1166f10d28cf3758c865697ef0a3f7b3
Instruction Fuzzy Hash: E521A2326356208BC729CF29D841A52B3E5EBA5311F688E6CE1F5CF2C0CA34B905DB94

Function 00924C27 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00924C4A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: a741e418e4e0c2848eb8f86e69acb32d7c0f36f4f63124b52413972f64c9081b
Instruction ID: e40d74a807dce88f0cef368cfb40e1edbf6ace1e7cc11d180df8f8be8c3fd700
Opcode Fuzzy Hash: a741e418e4e0c2848eb8f86e69acb32d7c0f36f4f63124b52413972f64c9081b
Instruction Fuzzy Hash: 6CD05EA516923A38EC1C8728BE1FFFA010CE340792FD0854971818E0C9EC849C486830

Function 009187B1 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00918389), ref: 009187D1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LogonUser
String ID:
API String ID: 1244722697-0
Opcode ID: acfecae9b7432c4f3b8d719f499e2685f7f04cd178c20d4c4a37472e158430eb
Instruction ID: f62f4138f040be1b6d49515fe261ad62f8747538fd604965d4fd294cdfc54207
Opcode Fuzzy Hash: acfecae9b7432c4f3b8d719f499e2685f7f04cd178c20d4c4a37472e158430eb
Instruction Fuzzy Hash: CBD05E3226450EABEF018EA4DC01EAF3B69EB04B01F408111FE15C50A1C775D835AB60

Function 008EA124 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 008EA12A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8ca264d0a2114c0be4088b1835b5c2eab0c5f3088a3db25316b0bd801d4c1992
Instruction ID: 585bebca15423cf8e87296ccecb7687b8b9a00e48532996dd272c80f0bd7b976
Opcode Fuzzy Hash: 8ca264d0a2114c0be4088b1835b5c2eab0c5f3088a3db25316b0bd801d4c1992
Instruction Fuzzy Hash: 8EA0123001410DA78A001F41EC04C447F5CD6016D07004020F40C40021973254105580

Function 008D8808 Relevance: .6, Instructions: 590COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73c0c658e9f5e3fcb9004ce8a98a77ef38db891cedeee9b60e4bf7bfb8fd9fe4
Instruction ID: 854230242e00ae2a47d7c025f5099fffecb3b3ed71edb133998a2a90be190af4
Opcode Fuzzy Hash: 73c0c658e9f5e3fcb9004ce8a98a77ef38db891cedeee9b60e4bf7bfb8fd9fe4
Instruction Fuzzy Hash: 2722583160811ADBCF388B64C4A47BC7BA1FB81304F6A866BD496CB692DB74DDD1C742

Function 008E21C5 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction ID: 0cc89eb21dc177868edf47c91443f9ead1519c251656e70625e554174a699617
Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
Instruction Fuzzy Hash: B9C15E322051D30ADF6D463B887403EFAA5BEA37B131A076DD8B2CB1D4EE20D965D620

Function 008E25FA Relevance: .3, Instructions: 341COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction ID: d8c58e7e222e713915d28c8f8c6a0d5500efb5bc6c88801d484d9b02511650e0
Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
Instruction Fuzzy Hash: 4AC161322051E30ADF2D463B883453EBAA5BEA37B131A176DD4B2DB1D5EE20C975D720

Function 008E1D90 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
Instruction ID: 2eab05ee6ef46d5892cf909c72c019535cae2e6b490a95e7e2d43e9fbb787869
Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
Instruction Fuzzy Hash: CEC152322051D30ADF1D463B887853EBAA1BEA37B131A076DD8B2DB1D4EE20D975D760

Function 008E1978 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction ID: 1ef57a40970345f5a47fce8ab2cd59d74cba08ba9f59bc75a5d4e0eb03f064c3
Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
Instruction Fuzzy Hash: 11C13F323091D309DF6D463B887813EBAA1AEA37B131A176DD4B2DB1D5EE30C9659720

Function 00937806 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 0093785B
DeleteObject.GDI32(00000000), ref: 0093786D
DestroyWindow.USER32 ref: 0093787B
GetDesktopWindow.USER32 ref: 00937895
GetWindowRect.USER32(00000000), ref: 0093789C
SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 009379DD
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 009379ED
CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937A35
GetClientRect.USER32(00000000,?), ref: 00937A41
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00937A7B
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937A9D
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937AB0
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937ABB
GlobalLock.KERNEL32(00000000), ref: 00937AC4
ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937AD3
GlobalUnlock.KERNEL32(00000000), ref: 00937ADC
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937AE3
GlobalFree.KERNEL32(00000000), ref: 00937AEE
CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937B00
OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00952CAC,00000000), ref: 00937B16
GlobalFree.KERNEL32(00000000), ref: 00937B26
CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00937B4C
SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00937B6B
SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937B8D
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00937D7A

Strings

AutoIt v3, xrefs: 00937A2D
DISPLAY, xrefs: 00937BDD
static, xrefs: 00937A75, 00937BCC
, xrefs: 00937D00

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: 3d33043824fce4a4014659a78a1d94d6de8286d3079bd0d0fa572905f8048675
Instruction ID: 837ffa719aa595449399b22bfce51b3769916b07bcff9249a140c30c9740cc45
Opcode Fuzzy Hash: 3d33043824fce4a4014659a78a1d94d6de8286d3079bd0d0fa572905f8048675
Instruction Fuzzy Hash: C0026A75914119EFDB14DFA8DC99EAEBBB9FB49310F008158F915AB2A1CB30AD01DF60

Function 0094356B Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,0094F910), ref: 00943627
IsWindowVisible.USER32(?), ref: 0094364B

Strings

EDITPASTE, xrefs: 0094395F
CURRENTTAB, xrefs: 009436BD
FINDSTRING, xrefs: 00943776
SHOWDROPDOWN, xrefs: 009436E0
GETCURRENTSELECTION, xrefs: 009437E3
SENDCOMMANDID, xrefs: 009439DA
ISENABLED, xrefs: 0094366B
HIDEDROPDOWN, xrefs: 00943700
ISCHECKED, xrefs: 00943839
GETSELECTED, xrefs: 009438A3
GETCURRENTCOL, xrefs: 00943928
TABLEFT, xrefs: 00943687
GETCURRENTLINE, xrefs: 009438ED
UNCHECK, xrefs: 00943883
GETLINE, xrefs: 0094399B
GETLINECOUNT, xrefs: 009438C6
TABRIGHT, xrefs: 0094369D
SETCURRENTSELECTION, xrefs: 009437B6
SELECTSTRING, xrefs: 00943806
ISVISIBLE, xrefs: 00943637
ADDSTRING, xrefs: 00943716
DELSTRING, xrefs: 00943749
CHECK, xrefs: 0094386D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharUpperVisibleWindow
String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
API String ID: 4105515805-45149045
Opcode ID: 6796fd3369a13a205981cfe0ef0f123a5a4e6501b0f3a2c45ba93e9fe3c078f5
Instruction ID: c2b35bbf05b5ef9f9a4d879e51229fd4187050911e2b857e94ddf78d992ff1bc
Opcode Fuzzy Hash: 6796fd3369a13a205981cfe0ef0f123a5a4e6501b0f3a2c45ba93e9fe3c078f5
Instruction Fuzzy Hash: 8FD180312043059BCB14EF24C456E6E77E5FF95354F158868F8869B3A2DB31EE8ACB42

Function 0094A5DA Relevance: 49.8, APIs: 33, Instructions: 260COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 0094A630
GetSysColorBrush.USER32(0000000F), ref: 0094A661
GetSysColor.USER32(0000000F), ref: 0094A66D
SetBkColor.GDI32(?,000000FF), ref: 0094A687
SelectObject.GDI32(?,00000000), ref: 0094A696
InflateRect.USER32(?,000000FF,000000FF), ref: 0094A6C1
GetSysColor.USER32(00000010), ref: 0094A6C9
CreateSolidBrush.GDI32(00000000), ref: 0094A6D0
FrameRect.USER32(?,?,00000000), ref: 0094A6DF
DeleteObject.GDI32(00000000), ref: 0094A6E6
InflateRect.USER32(?,000000FE,000000FE), ref: 0094A731
FillRect.USER32(?,?,00000000), ref: 0094A763
GetWindowLongW.USER32(?,000000F0), ref: 0094A78E

Part of subcall function 0094A8CA: GetSysColor.USER32(00000012), ref: 0094A903
Part of subcall function 0094A8CA: SetTextColor.GDI32(?,?), ref: 0094A907
Part of subcall function 0094A8CA: GetSysColorBrush.USER32(0000000F), ref: 0094A91D
Part of subcall function 0094A8CA: GetSysColor.USER32(0000000F), ref: 0094A928
Part of subcall function 0094A8CA: GetSysColor.USER32(00000011), ref: 0094A945
Part of subcall function 0094A8CA: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0094A953
Part of subcall function 0094A8CA: SelectObject.GDI32(?,00000000), ref: 0094A964
Part of subcall function 0094A8CA: SetBkColor.GDI32(?,00000000), ref: 0094A96D
Part of subcall function 0094A8CA: SelectObject.GDI32(?,?), ref: 0094A97A
Part of subcall function 0094A8CA: InflateRect.USER32(?,000000FF,000000FF), ref: 0094A999
Part of subcall function 0094A8CA: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0094A9B0
Part of subcall function 0094A8CA: GetWindowLongW.USER32(00000000,000000F0), ref: 0094A9C5
Part of subcall function 0094A8CA: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0094A9ED

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
String ID:
API String ID: 3521893082-0
Opcode ID: ef63f8cff532627f9eaadd3fbe01c26844c4b8dcb54e89454bc396b902e80253
Instruction ID: 6662c8d74b6c42d7f138e2628ae18919b68b12ef393fe488e3eb80d03cca8288
Opcode Fuzzy Hash: ef63f8cff532627f9eaadd3fbe01c26844c4b8dcb54e89454bc396b902e80253
Instruction Fuzzy Hash: AA918B76418302EFDB109F64DC08E6BBBA9FF8A321F100B29F962961A1D774D944DB52

Function 009374AB Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 009374DE
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0093759D
SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 009375DB
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 009375ED
CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00937633
GetClientRect.USER32(00000000,?), ref: 0093763F
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00937683
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00937692
GetStockObject.GDI32(00000011), ref: 009376A2
SelectObject.GDI32(00000000,00000000), ref: 009376A6
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 009376B6
GetDeviceCaps.GDI32(00000000,0000005A), ref: 009376BF
DeleteDC.GDI32(00000000), ref: 009376C8
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 009376F4
SendMessageW.USER32(00000030,00000000,00000001), ref: 0093770B
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00937746
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0093775A
SendMessageW.USER32(00000404,00000001,00000000), ref: 0093776B
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0093779B
GetStockObject.GDI32(00000011), ref: 009377A6
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 009377B1
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 009377BB

Strings

AutoIt v3, xrefs: 0093762B
DISPLAY, xrefs: 00937688
msctls_progress32, xrefs: 0093773C
static, xrefs: 0093767D, 00937795

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 3a2918dd3c5e23edf81807162732332b443b12932b60c8d0ccea6d16165f99dc
Instruction ID: 16af3074ea69fecdeb2145f64e53e226907cd3756447998622297afd96f592f1
Opcode Fuzzy Hash: 3a2918dd3c5e23edf81807162732332b443b12932b60c8d0ccea6d16165f99dc
Instruction Fuzzy Hash: 66A171B5A54615BFEB14DBA4DC4AFAEBBB9EB09710F004114FA15E72E0CA70AD00DB60

Function 0092AD10 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0092AD1E
GetDriveTypeW.KERNEL32(?,0094FAC0,?,\\.\,0094F910), ref: 0092ADFB
SetErrorMode.KERNEL32(00000000,0094FAC0,?,\\.\,0094F910), ref: 0092AF59

Strings

SAS, xrefs: 0092AF05
Removable, xrefs: 0092AE4D
SATA, xrefs: 0092AF0C
ATAPI, xrefs: 0092AECD
RAMDisk, xrefs: 0092AE25
iSCSI, xrefs: 0092AEFE
SSD, xrefs: 0092AE86
Fibre, xrefs: 0092AEE9
MMC, xrefs: 0092AF1A
Virtual, xrefs: 0092AF21
CDROM, xrefs: 0092AE2F
PhysicalDrive, xrefs: 0092ADA7
Unknown, xrefs: 0092AE1B, 0092AEBF
SSA, xrefs: 0092AEE2
SCSI, xrefs: 0092AEC6
\\.\, xrefs: 0092AD70
RAID, xrefs: 0092AEF7
Network, xrefs: 0092AE39
FileBackedVirtual, xrefs: 0092AF28
1394, xrefs: 0092AEDB
ATA, xrefs: 0092AED4
USB, xrefs: 0092AEF0
Fixed, xrefs: 0092AE43

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 29a0e8d36c23adce0ee83887d0085c7348ddc0fc1d7d961d5f0421e1dfca6a51
Instruction ID: f996f4cd5f64c85d705b246790c1e4544cb1d83848dc9282ab72cf5ae286b3db
Opcode Fuzzy Hash: 29a0e8d36c23adce0ee83887d0085c7348ddc0fc1d7d961d5f0421e1dfca6a51
Instruction Fuzzy Hash: E951C4B3688215EB8B04DB14EA56DFE73B5FB88714B60845BE40BE7294DA38DD01DB43

Function 008C68DC Relevance: 44.0, APIs: 12, Strings: 13, Instructions: 275COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 008C6931
__wcsnicmp.LIBCMT ref: 008C6949
__wcsnicmp.LIBCMT ref: 008C6961
__wcsnicmp.LIBCMT ref: 008C6979
__wcsnicmp.LIBCMT ref: 008C6991
__wcsnicmp.LIBCMT ref: 008C69A9
__wcsnicmp.LIBCMT ref: 008C69C1
__wcsnicmp.LIBCMT ref: 008C69D5
__wcsnicmp.LIBCMT ref: 008C6A16
__wcsnicmp.LIBCMT ref: 008C6A2A
__wcsnicmp.LIBCMT ref: 008C6A3E
__wcsnicmp.LIBCMT ref: 008C6A52

Strings

#requireadmin, xrefs: 008C695B
Unterminated group of comments, xrefs: 008FE403
#OnAutoItStartRegister, xrefs: 008C6973
Bad directive syntax error, xrefs: 008FE31A
Cannot parse #include, xrefs: 008FE3F0
#comments-start, xrefs: 008C69BB, 008C6A10
#include-once, xrefs: 008C698B
#pragma compile, xrefs: 008C692B
#ce, xrefs: 008C6A4C
#notrayicon, xrefs: 008C6943
#include, xrefs: 008C69A3
#cs, xrefs: 008C69CF, 008C6A24
#comments-end, xrefs: 008C6A38

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 1038674560-86951937
Opcode ID: 8153b756f95d8ac50da3720b6cb31bfa7f098f535cfa55f6dc0d54f0d91ac1e2
Instruction ID: 6297d2604761c2e4b5aae9dfa248dca6e252d30f8182ef14691633bbec0b3955
Opcode Fuzzy Hash: 8153b756f95d8ac50da3720b6cb31bfa7f098f535cfa55f6dc0d54f0d91ac1e2
Instruction Fuzzy Hash: 9D81F6B16002197ACB10AA65EC46FBA3B78FF1A714F144039F905EB192FB70DE65C662

Function 00949A1C Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000103,?,?,?), ref: 00949AD2
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00949B8B
SendMessageW.USER32(?,00001102,00000002,?), ref: 00949BA7

Strings

0, xrefs: 00949BE4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$Window
String ID: 0
API String ID: 2326795674-4108050209
Opcode ID: 47fdafc090f6c9811fa1674840b98d5b7711cb3637f0faef8a4d937eb2de09d4
Instruction ID: 04ca28dceb064fb309aedba4a3c2090afe8a8a8e49b99d7fdcad80b394176730
Opcode Fuzzy Hash: 47fdafc090f6c9811fa1674840b98d5b7711cb3637f0faef8a4d937eb2de09d4
Instruction Fuzzy Hash: A302CD30108201AFD725CF25C899FABBBE9FF8A314F04892DF999D62A1C734D944DB52

Function 0094A8CA Relevance: 39.2, APIs: 26, Instructions: 187windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 0094A903
SetTextColor.GDI32(?,?), ref: 0094A907
GetSysColorBrush.USER32(0000000F), ref: 0094A91D
GetSysColor.USER32(0000000F), ref: 0094A928
CreateSolidBrush.GDI32(?), ref: 0094A92D
GetSysColor.USER32(00000011), ref: 0094A945
CreatePen.GDI32(00000000,00000001,00743C00), ref: 0094A953
SelectObject.GDI32(?,00000000), ref: 0094A964
SetBkColor.GDI32(?,00000000), ref: 0094A96D
SelectObject.GDI32(?,?), ref: 0094A97A
InflateRect.USER32(?,000000FF,000000FF), ref: 0094A999
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0094A9B0
GetWindowLongW.USER32(00000000,000000F0), ref: 0094A9C5
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0094A9ED
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0094AA14
InflateRect.USER32(?,000000FD,000000FD), ref: 0094AA32
DrawFocusRect.USER32(?,?), ref: 0094AA3D
GetSysColor.USER32(00000011), ref: 0094AA4B
SetTextColor.GDI32(?,00000000), ref: 0094AA53
DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0094AA67
SelectObject.GDI32(?,0094A5FA), ref: 0094AA7E
DeleteObject.GDI32(?), ref: 0094AA89
SelectObject.GDI32(?,?), ref: 0094AA8F
DeleteObject.GDI32(?), ref: 0094AA94
SetTextColor.GDI32(?,?), ref: 0094AA9A
SetBkColor.GDI32(?,?), ref: 0094AAA4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 9032fbfde34aeefde0ee21c58c20e57808551a1671b05449637aa2254753bb16
Instruction ID: 50406f9ead7fe708fa270d77aac306eb742c3df358919a0990fdaf52b5434305
Opcode Fuzzy Hash: 9032fbfde34aeefde0ee21c58c20e57808551a1671b05449637aa2254753bb16
Instruction Fuzzy Hash: 78515975904209FFDF109FA4DC48EAEBBB9EF09320F214625F911AB2A1D7759940EF90

Function 009489D5 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00948AC1
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00948AD2
CharNextW.USER32(0000014E), ref: 00948B01
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00948B42
SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00948B58
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00948B69
SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00948B86
SetWindowTextW.USER32(?,0000014E), ref: 00948BD8
SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00948BEE
SendMessageW.USER32(?,00001002,00000000,?), ref: 00948C1F
_memset.LIBCMT ref: 00948C44
SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00948C8D
_memset.LIBCMT ref: 00948CEC
SendMessageW.USER32(?,00001053,000000FF,?), ref: 00948D16
SendMessageW.USER32(?,00001074,?,00000001), ref: 00948D6E
SendMessageW.USER32(?,0000133D,?,?), ref: 00948E1B
InvalidateRect.USER32(?,00000000,00000001), ref: 00948E3D
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00948E87
SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00948EB4
DrawMenuBar.USER32(?), ref: 00948EC3
SetWindowTextW.USER32(?,0000014E), ref: 00948EEB

Strings

0, xrefs: 00948E55

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
String ID: 0
API String ID: 1073566785-4108050209
Opcode ID: 9e8e9fb4bd60f44e99009074b3cd860b75d1d5e981357c73183e0cb3646325a5
Instruction ID: 6d44ae9ca0a3478ce1e31307f4f77beaa749b52f4afb510ce0c5fca0b869de25
Opcode Fuzzy Hash: 9e8e9fb4bd60f44e99009074b3cd860b75d1d5e981357c73183e0cb3646325a5
Instruction Fuzzy Hash: 03E1AE74905209AFDB209F64CC84EEF7BB9FF06714F108156F919AA290DBB49A84DF60

Function 0094488F Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 009449CA
GetDesktopWindow.USER32 ref: 009449DF
GetWindowRect.USER32(00000000), ref: 009449E6
GetWindowLongW.USER32(?,000000F0), ref: 00944A48
DestroyWindow.USER32(?), ref: 00944A74
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00944A9D
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00944ABB
SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00944AE1
SendMessageW.USER32(?,00000421,?,?), ref: 00944AF6
SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00944B09
IsWindowVisible.USER32(?), ref: 00944B29
SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00944B44
SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00944B58
GetWindowRect.USER32(?,?), ref: 00944B70
MonitorFromPoint.USER32(?,?,00000002), ref: 00944B96
GetMonitorInfoW.USER32(00000000,?), ref: 00944BB0
CopyRect.USER32(?,?), ref: 00944BC7
SendMessageW.USER32(?,00000412,00000000), ref: 00944C32

Strings

tooltips_class32, xrefs: 00944A96
0, xrefs: 00944975
(, xrefs: 00944BA3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 162441f6fac15ecb6b72cceabccc87cfb9a4c87e69050c96882cb1f7a2ea3ed0
Instruction ID: fe6bf7f3b16e3ee73b7e6b351b7cdec81de4c74716ec72b1f04c3a221c25272d
Opcode Fuzzy Hash: 162441f6fac15ecb6b72cceabccc87cfb9a4c87e69050c96882cb1f7a2ea3ed0
Instruction Fuzzy Hash: BCB15971608341AFDB04DF68C849F6ABBE4FB89714F00891CF9999B2A1DB71E805CB56

Function 0092449A Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 179COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 009244AC
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 009244D2
_wcscpy.LIBCMT ref: 00924500
_wcscmp.LIBCMT ref: 0092450B
_wcscat.LIBCMT ref: 00924521
_wcsstr.LIBCMT ref: 0092452C
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00924548
_wcscat.LIBCMT ref: 00924591
_wcscat.LIBCMT ref: 00924598
_wcsncpy.LIBCMT ref: 009245C3

Strings

\VarFileInfo\Translation, xrefs: 00924540
%u.%u.%u.%u, xrefs: 00924626
DefaultLangCodepage, xrefs: 009245AB
StringFileInfo\, xrefs: 0092451B
04090000, xrefs: 0092457E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 699586101-1459072770
Opcode ID: edc3fa6681ab0bfa5da50281e63a2b1939f3f9f4409a24ffaeb6cfc8d33e6de5
Instruction ID: 0a43f4c47f3f334a555a5ab220a6f5c54e82afef0f2730fa3629bdf545526d5e
Opcode Fuzzy Hash: edc3fa6681ab0bfa5da50281e63a2b1939f3f9f4409a24ffaeb6cfc8d33e6de5
Instruction Fuzzy Hash: C0411B326402557BDB10BB79DC07EBF77ACFF43710F000566F905E6182EB749A0196A6

Function 008C27D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008C28BC
GetSystemMetrics.USER32(00000007), ref: 008C28C4
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 008C28EF
GetSystemMetrics.USER32(00000008), ref: 008C28F7
GetSystemMetrics.USER32(00000004), ref: 008C291C
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008C2939
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008C2949
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 008C297C
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 008C2990
GetClientRect.USER32(00000000,000000FF), ref: 008C29AE
GetStockObject.GDI32(00000011), ref: 008C29CA
SendMessageW.USER32(00000000,00000030,00000000), ref: 008C29D5

Part of subcall function 008C2344: GetCursorPos.USER32(?), ref: 008C2357
Part of subcall function 008C2344: ScreenToClient.USER32(009857B0,?), ref: 008C2374
Part of subcall function 008C2344: GetAsyncKeyState.USER32(00000001), ref: 008C2399
Part of subcall function 008C2344: GetAsyncKeyState.USER32(00000002), ref: 008C23A7

SetTimer.USER32(00000000,00000000,00000028,008C1256), ref: 008C29FC

Strings

AutoIt v3 GUI, xrefs: 008C2974

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI
API String ID: 1458621304-248962490
Opcode ID: 0638632e305e07d171bd9dbab9bf002267497543d6be061787a0fc95a8d77c6c
Instruction ID: 65c4b03a56e369d4cf9ea041f4bab21e6e0f0b89f7246e825481b84c5308dfc5
Opcode Fuzzy Hash: 0638632e305e07d171bd9dbab9bf002267497543d6be061787a0fc95a8d77c6c
Instruction Fuzzy Hash: 31B17534A0020AEFDB14DFA8CD55FAA7BB4FB08314F118229FA15E62E0DB74E840DB50

Function 00943DE2 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00943E6F
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00943F2F

Strings

ISSELECTED, xrefs: 00943F3A
SELECTINVERT, xrefs: 00943FFF
SELECTCLEAR, xrefs: 00943FAE
DESELECT, xrefs: 0094401D
FINDITEM, xrefs: 009440A2
GETSELECTEDCOUNT, xrefs: 00943F12
GETITEMCOUNT, xrefs: 00943EA1
GETTEXT, xrefs: 00943ED8
GETSELECTED, xrefs: 0094405D
VIEWCHANGE, xrefs: 009440EE
GETSUBITEMCOUNT, xrefs: 00943EBA
SELECT, xrefs: 00943FC9
SELECTALL, xrefs: 00943F96

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 3974292440-719923060
Opcode ID: 89ed1f33e0591d766654701d1efca324594e3fc8d774c3cc968153742b0249f8
Instruction ID: 874847105c0d6424b11305dc6a6e702b86d17873a826de57de3ceef8a0c6d072
Opcode Fuzzy Hash: 89ed1f33e0591d766654701d1efca324594e3fc8d774c3cc968153742b0249f8
Instruction Fuzzy Hash: 9CA17E312143419BDB14EF24C856F6AB3E5FF95314F10886CF8A69B292DB30ED49CB42

Function 0091A439 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 0091A47A
__swprintf.LIBCMT ref: 0091A51B
_wcscmp.LIBCMT ref: 0091A52E
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0091A583
_wcscmp.LIBCMT ref: 0091A5BF
GetClassNameW.USER32(?,?,00000400), ref: 0091A5F6
GetDlgCtrlID.USER32(?), ref: 0091A648
GetWindowRect.USER32(?,?), ref: 0091A67E
GetParent.USER32(?), ref: 0091A69C
ScreenToClient.USER32(00000000), ref: 0091A6A3
GetClassNameW.USER32(?,?,00000100), ref: 0091A71D
_wcscmp.LIBCMT ref: 0091A731
GetWindowTextW.USER32(?,?,00000400), ref: 0091A757
_wcscmp.LIBCMT ref: 0091A76B

Part of subcall function 008E362C: _iswctype.LIBCMT ref: 008E3634

Strings

%s%u, xrefs: 0091A515

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
String ID: %s%u
API String ID: 3744389584-679674701
Opcode ID: 1b4159619154fce0e799340b4707ba1e03376b5c813989eb6ebf4a482014937b
Instruction ID: 1c491cf57d88740be8a97813be7a5288515cc2774f99e9cb820e0e7c001bfd8c
Opcode Fuzzy Hash: 1b4159619154fce0e799340b4707ba1e03376b5c813989eb6ebf4a482014937b
Instruction Fuzzy Hash: 71A1AC3170520AABDB15DE64C884FEAB7ECFF44354F048529F999C2190DB34EE95CB92

Function 0091AED4 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(00000008,?,00000400), ref: 0091AF18
_wcscmp.LIBCMT ref: 0091AF29
GetWindowTextW.USER32(00000001,?,00000400), ref: 0091AF51
CharUpperBuffW.USER32(?,00000000), ref: 0091AF6E
_wcscmp.LIBCMT ref: 0091AF8C
_wcsstr.LIBCMT ref: 0091AF9D
GetClassNameW.USER32(00000018,?,00000400), ref: 0091AFD5
_wcscmp.LIBCMT ref: 0091AFE5
GetWindowTextW.USER32(00000002,?,00000400), ref: 0091B00C
GetClassNameW.USER32(00000018,?,00000400), ref: 0091B055
_wcscmp.LIBCMT ref: 0091B065
GetClassNameW.USER32(00000010,?,00000400), ref: 0091B08D
GetWindowRect.USER32(00000004,?), ref: 0091B0F6

Strings

ThumbnailClass, xrefs: 0091AFE0, 0091B060
@, xrefs: 0091AEF9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
String ID: @$ThumbnailClass
API String ID: 1788623398-1539354611
Opcode ID: 8af47c2bbf61999ca52f23f5faee17a674c43293e3f4e6b1509efac0f7686cc8
Instruction ID: b006dfe4da159d8d505ca206a6cea72ce2db7e213fb3a525cb96a8cf27e6cd5f
Opcode Fuzzy Hash: 8af47c2bbf61999ca52f23f5faee17a674c43293e3f4e6b1509efac0f7686cc8
Instruction Fuzzy Hash: A881C371208209AFDB00DF14C885FAA7BEDFF44314F04846AFD958A195DB34DD8ACB62

Function 0091ABD4 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 0091AC33

Strings

[REGEXPTITLE:, xrefs: 0091AC5B
ACTIVE, xrefs: 0091AC0E
ALL, xrefs: 0091ACC7
[LAST, xrefs: 0091ACE0
[CLASS:, xrefs: 0091AC83
[HANDLE:, xrefs: 0091AC3F
LAST, xrefs: 0091ABF8
HANDLE=, xrefs: 0091AC2C
[ALL, xrefs: 0091ACD9
REGEXP=, xrefs: 0091AC48
CLASSNAME=, xrefs: 0091AC70
[ACTIVE, xrefs: 0091AC20

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __wcsnicmp
String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
API String ID: 1038674560-1810252412
Opcode ID: 57dcf07a200f7678e8e4b15021a7be44bbc4d3edef44c81c8193711deaa3bb65
Instruction ID: c4622459e546fb1607f33e811b5cf6864290fae79738367d60b7c05135d22b71
Opcode Fuzzy Hash: 57dcf07a200f7678e8e4b15021a7be44bbc4d3edef44c81c8193711deaa3bb65
Instruction Fuzzy Hash: 72318631648209AAEA14EAA8DE03FEEB778FF60714F604429F445B10D1EF71AF44C993

Function 00934FFD Relevance: 25.6, APIs: 17, Instructions: 110COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F8A), ref: 00935013
LoadCursorW.USER32(00000000,00007F00), ref: 0093501E
LoadCursorW.USER32(00000000,00007F03), ref: 00935029
LoadCursorW.USER32(00000000,00007F8B), ref: 00935034
LoadCursorW.USER32(00000000,00007F01), ref: 0093503F
LoadCursorW.USER32(00000000,00007F81), ref: 0093504A
LoadCursorW.USER32(00000000,00007F88), ref: 00935055
LoadCursorW.USER32(00000000,00007F80), ref: 00935060
LoadCursorW.USER32(00000000,00007F86), ref: 0093506B
LoadCursorW.USER32(00000000,00007F83), ref: 00935076
LoadCursorW.USER32(00000000,00007F85), ref: 00935081
LoadCursorW.USER32(00000000,00007F82), ref: 0093508C
LoadCursorW.USER32(00000000,00007F84), ref: 00935097
LoadCursorW.USER32(00000000,00007F04), ref: 009350A2
LoadCursorW.USER32(00000000,00007F02), ref: 009350AD
LoadCursorW.USER32(00000000,00007F89), ref: 009350B8
GetCursorInfo.USER32(?), ref: 009350C8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Cursor$Load$Info
String ID:
API String ID: 2577412497-0
Opcode ID: 54da6a6447e1c6bf10b671e04d6be928b7b0449e18737adefd94ff7055a71dff
Instruction ID: 722270940691f3d41bc07a1e34f158cf34233de266a920f613b396ea591b73ac
Opcode Fuzzy Hash: 54da6a6447e1c6bf10b671e04d6be928b7b0449e18737adefd94ff7055a71dff
Instruction Fuzzy Hash: A231F4B1D4831A6ADF109FB68C8996EBFE8FF08750F51453AE50DE7280DA79A5008F91

Function 0094A1B9 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0094A259
DestroyWindow.USER32(?,?), ref: 0094A2D3

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0094A34D
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0094A36F
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0094A382
DestroyWindow.USER32(00000000), ref: 0094A3A4
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,008C0000,00000000), ref: 0094A3DB
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0094A3F4
GetDesktopWindow.USER32 ref: 0094A40D
GetWindowRect.USER32(00000000), ref: 0094A414
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0094A42C
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0094A444

Part of subcall function 008C25DB: GetWindowLongW.USER32(?,000000EB), ref: 008C25EC

Strings

tooltips_class32, xrefs: 0094A346, 0094A3D4
0, xrefs: 0094A26F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
String ID: 0$tooltips_class32
API String ID: 1297703922-3619404913
Opcode ID: 86a8d12da89c644013b094e8c2dccf9f2a705fbcde859ce37a167da3c4a4c8c7
Instruction ID: b13f4dc1818f34b93f6e763a12555bf8572dec47ae943b50a967eb6135a11f3f
Opcode Fuzzy Hash: 86a8d12da89c644013b094e8c2dccf9f2a705fbcde859ce37a167da3c4a4c8c7
Instruction Fuzzy Hash: 9871CC74194205AFD725CF28CC48F6A7BEAFB89304F05492DF9858B2B0D7B4E906DB52

Function 0094C5FE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

DragQueryPoint.SHELL32(?,?), ref: 0094C627

Part of subcall function 0094AB37: ClientToScreen.USER32(?,?), ref: 0094AB60
Part of subcall function 0094AB37: GetWindowRect.USER32(?,?), ref: 0094ABD6
Part of subcall function 0094AB37: PtInRect.USER32(?,?,0094C014), ref: 0094ABE6

SendMessageW.USER32(?,000000B0,?,?), ref: 0094C690
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0094C69B
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0094C6BE
_wcscat.LIBCMT ref: 0094C6EE
SendMessageW.USER32(?,000000C2,00000001,?), ref: 0094C705
SendMessageW.USER32(?,000000B0,?,?), ref: 0094C71E
SendMessageW.USER32(?,000000B1,?,?), ref: 0094C735
SendMessageW.USER32(?,000000B1,?,?), ref: 0094C757
DragFinish.SHELL32(?), ref: 0094C75E
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0094C851

Strings

@GUI_DROPID, xrefs: 0094C77E
@GUI_DRAGID, xrefs: 0094C7C9
@GUI_DRAGFILE, xrefs: 0094C800

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 169749273-3440237614
Opcode ID: c34518bdaa8060e735ed19e14275a191afd1342abd7e28ff9a568ceb8a1f2652
Instruction ID: 47f11a34078eb712744abcac744cf3fecdf858d52e1149bc73777525322785b8
Opcode Fuzzy Hash: c34518bdaa8060e735ed19e14275a191afd1342abd7e28ff9a568ceb8a1f2652
Instruction Fuzzy Hash: 46615971108301AFC701EF64DC85EABBBF8FF89750F00492EF595962A1DB30A949CB52

Function 00944392 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00944424
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0094446F

Strings

UNCHECK, xrefs: 0094464B
EXPAND, xrefs: 00944521
COLLAPSE, xrefs: 009444B5
SELECT, xrefs: 00944620
GETTOTALCOUNT, xrefs: 00944456
EXISTS, xrefs: 009444D8
ISCHECKED, xrefs: 009445F2
CHECK, xrefs: 0094448F
GETITEMCOUNT, xrefs: 00944551
GETSELECTED, xrefs: 0094457F
GETTEXT, xrefs: 009445C2

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 3974292440-4258414348
Opcode ID: 0898a946c92d00e5a6000aa2fa8699c65383ab0ad7314997346ce6fe1daeec1a
Instruction ID: 5ec1fa89e8ae665cb40db53a8534d2f37f2a79ce7df68db52147f6bf75bd3a68
Opcode Fuzzy Hash: 0898a946c92d00e5a6000aa2fa8699c65383ab0ad7314997346ce6fe1daeec1a
Instruction Fuzzy Hash: D89138312047119BCA14EF14C451F6EB7E5FF95754F0588ACE89A9B2A2CB34ED4ACB82

Function 0094B7FE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0094B8B4
LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,009491C2), ref: 0094B910
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0094B949
LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 0094B98C
LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0094B9C3
FreeLibrary.KERNEL32(?), ref: 0094B9CF
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0094B9DF
DestroyIcon.USER32(?,?,?,?,?,009491C2), ref: 0094B9EE
SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0094BA0B
SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0094BA17

Part of subcall function 008E2EFD: __wcsicmp_l.LIBCMT ref: 008E2F86

Strings

.icl, xrefs: 0094B82A
.dll, xrefs: 0094B86D
.exe, xrefs: 0094B84A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
String ID: .dll$.exe$.icl
API String ID: 1212759294-1154884017
Opcode ID: a91cdf2c8b9e5445053183b9b337f7c5911179bb9115eb6a674ff5081f374387
Instruction ID: b74b03bd63e8feb13e7ffaf2823623e64d0a52396e17236a2f6e7c75405e5b64
Opcode Fuzzy Hash: a91cdf2c8b9e5445053183b9b337f7c5911179bb9115eb6a674ff5081f374387
Instruction Fuzzy Hash: 96610E71904219BAEB14DF68CC45FBE7BACFB09724F104519FA15D61C0DB74E980EBA0

Function 0092DC1A Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 0092DCDC
SystemTimeToFileTime.KERNEL32(?,?), ref: 0092DCEC
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0092DCF8
__wsplitpath.LIBCMT ref: 0092DD56
_wcscat.LIBCMT ref: 0092DD6E
_wcscat.LIBCMT ref: 0092DD80
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0092DD95
SetCurrentDirectoryW.KERNEL32(?), ref: 0092DDA9
SetCurrentDirectoryW.KERNEL32(?), ref: 0092DDDB
SetCurrentDirectoryW.KERNEL32(?), ref: 0092DDFC
_wcscpy.LIBCMT ref: 0092DE08
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0092DE47

Strings

*.*, xrefs: 0092DE02

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
String ID: *.*
API String ID: 3566783562-438819550
Opcode ID: 43f361916bc8cb9f0e1879fe15bb7c5e683509413a56d294217bb41b94d85739
Instruction ID: 9681a847aede51fb95f9c6a143dcebacf7db2043af6c08e6d220fda9e551ebc9
Opcode Fuzzy Hash: 43f361916bc8cb9f0e1879fe15bb7c5e683509413a56d294217bb41b94d85739
Instruction Fuzzy Hash: 066179725042559FCB10EF24D844EAEB3E8FF89310F04896DF989C7251DB31EA45CB92

Function 00929C38 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00929C7F

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00929CA0
__swprintf.LIBCMT ref: 00929CF9
__swprintf.LIBCMT ref: 00929D12
_wprintf.LIBCMT ref: 00929DB9
_wprintf.LIBCMT ref: 00929DD7

Strings

^ ERROR , xrefs: 00929D4E
Incorrect parameters to object property !, xrefs: 00929D5B
Error: , xrefs: 00929D81
"%s" (%d) : ==> %s:, xrefs: 00929DD2
Line %d (File "%s"):, xrefs: 00929CF3, 00929D0C
"%s" (%d) : ==> %s:%s%s, xrefs: 00929DB4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LoadString__swprintf_wprintf$_memmove
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 311963372-3080491070
Opcode ID: e255de4970dc8150516c31e9e9145b765f9d98e9e69dca082b78df33f5adc3d7
Instruction ID: 60db3f22c9383b72998ce03983bc4fff566dd214d31908cd0cd975d1a1dfc5a0
Opcode Fuzzy Hash: e255de4970dc8150516c31e9e9145b765f9d98e9e69dca082b78df33f5adc3d7
Instruction Fuzzy Hash: 96518F3290051AAACF14EBE4DD46EEEBB78FF14300F504069F519B21A1EB316E58DF62

Function 0092A352 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

CharLowerBuffW.USER32(?,?), ref: 0092A3CB
GetDriveTypeW.KERNEL32 ref: 0092A418
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0092A460
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0092A497
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0092A4C5

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

Strings

open, xrefs: 0092A3F2
open , xrefs: 0092A427
closed, xrefs: 0092A3DF, 0092A3E8
type cdaudio alias cd wait, xrefs: 0092A443
wait, xrefs: 0092A482
set cd door , xrefs: 0092A466
close cd wait, xrefs: 0092A4B0
close, xrefs: 0092A3D1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 2698844021-4113822522
Opcode ID: e68dc981ff122b4d6133f824fd96b996bdbefd30027569a583506f43ee29fda4
Instruction ID: d8a1071c1d316820c1704894c4a30e7cd30f68ca2df43fcf972f4c138b878f3d
Opcode Fuzzy Hash: e68dc981ff122b4d6133f824fd96b996bdbefd30027569a583506f43ee29fda4
Instruction Fuzzy Hash: D05139721082059FC700EF18D895D6AB7F8FF98718F00886DF89A97261DB71ED0ACB52

Function 0091F8AA Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,00000000,?,008FE029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000), ref: 0091F8DF
LoadStringW.USER32(00000000,?,008FE029,00000001), ref: 0091F8E8

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

GetModuleHandleW.KERNEL32(00000000,00985310,?,00000FFF,?,?,008FE029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000,00000001), ref: 0091F90A
LoadStringW.USER32(00000000,?,008FE029,00000001), ref: 0091F90D
__swprintf.LIBCMT ref: 0091F95D
__swprintf.LIBCMT ref: 0091F96E
_wprintf.LIBCMT ref: 0091FA17
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0091FA2E

Strings

Line %d:, xrefs: 0091F968
^ ERROR, xrefs: 0091F9C3
Error: , xrefs: 0091F9E5
%s (%d) : ==> %s: %s %s, xrefs: 0091FA12
Line %d (File "%s"):, xrefs: 0091F957

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 984253442-2268648507
Opcode ID: ff05b1521efb6b556fdf701a8e7090447385eafeca67e9539ec14e62f4e06df4
Instruction ID: 11a5ed96c5ecdba44fe0fdf558ebb31819b45f51f4f6a332433a04f2ef82dc7b
Opcode Fuzzy Hash: ff05b1521efb6b556fdf701a8e7090447385eafeca67e9539ec14e62f4e06df4
Instruction Fuzzy Hash: 42411E7290410DAACF04FBE4DD56EEEB778FF58310F500069B505B60A2EA35AF49CB62

Function 0094BA33 Relevance: 22.6, APIs: 15, Instructions: 130filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00949207,?,?), ref: 0094BA56
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00949207,?,?,00000000,?), ref: 0094BA6D
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00949207,?,?,00000000,?), ref: 0094BA78
CloseHandle.KERNEL32(00000000,?,?,?,?,00949207,?,?,00000000,?), ref: 0094BA85
GlobalLock.KERNEL32(00000000), ref: 0094BA8E
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00949207,?,?,00000000,?), ref: 0094BA9D
GlobalUnlock.KERNEL32(00000000), ref: 0094BAA6
CloseHandle.KERNEL32(00000000,?,?,?,?,00949207,?,?,00000000,?), ref: 0094BAAD
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00949207,?,?,00000000,?), ref: 0094BABE
OleLoadPicture.OLEAUT32(?,00000000,00000000,00952CAC,?), ref: 0094BAD7
GlobalFree.KERNEL32(00000000), ref: 0094BAE7
GetObjectW.GDI32(00000000,00000018,?), ref: 0094BB0B
CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 0094BB36
DeleteObject.GDI32(00000000), ref: 0094BB5E
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0094BB74

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 32411134c1352a8293e983b8e72724ae9b91fa8e8ab80242b1d7d6656438fdfd
Instruction ID: eb17ada00953f939b5d7f48f24114bc669faba9eda52f083e51d5ebe1d9cffdc
Opcode Fuzzy Hash: 32411134c1352a8293e983b8e72724ae9b91fa8e8ab80242b1d7d6656438fdfd
Instruction Fuzzy Hash: 7E412779614209EFDB119F65DC98EABBBBCFB8A711F104068F909D7260D7709E01EB60

Function 0092D899 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

__wsplitpath.LIBCMT ref: 0092DA10
_wcscat.LIBCMT ref: 0092DA28
_wcscat.LIBCMT ref: 0092DA3A
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0092DA4F
SetCurrentDirectoryW.KERNEL32(?), ref: 0092DA63
GetFileAttributesW.KERNEL32(?), ref: 0092DA7B
SetFileAttributesW.KERNEL32(?,00000000), ref: 0092DA95
SetCurrentDirectoryW.KERNEL32(?), ref: 0092DAA7

Strings

*.*, xrefs: 0092DAE6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
String ID: *.*
API String ID: 34673085-438819550
Opcode ID: 60579d8e9dd3bdc2f8b82645ec2130191c8d3d0e781ec1f4303e7ae71cee95ca
Instruction ID: c49f00a10b9f1a778b7772d80efc6bc43b16ffeea8084cdd47d67f143181beda
Opcode Fuzzy Hash: 60579d8e9dd3bdc2f8b82645ec2130191c8d3d0e781ec1f4303e7ae71cee95ca
Instruction Fuzzy Hash: DD81A37550A3519FCB24DF68D844AAAB7E8FF89310F144C2EF889C7255E634DD84CB52

Function 0094C1AC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0094C1FC
GetFocus.USER32 ref: 0094C20C
GetDlgCtrlID.USER32(00000000), ref: 0094C217
_memset.LIBCMT ref: 0094C342
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 0094C36D
GetMenuItemCount.USER32(?), ref: 0094C38D
GetMenuItemID.USER32(?,00000000), ref: 0094C3A0
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 0094C3D4
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0094C41C
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0094C454
DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0094C489

Strings

0, xrefs: 0094C33A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
String ID: 0
API String ID: 1296962147-4108050209
Opcode ID: 8f2505c34b0ae29765899a171b6921eb0d304caa29b6a42cd3c1856d8a47fa59
Instruction ID: 0e81aa65df94dcaedc48507e280d918d430aed47bdc160a1fb0d8cae1aa2afbd
Opcode Fuzzy Hash: 8f2505c34b0ae29765899a171b6921eb0d304caa29b6a42cd3c1856d8a47fa59
Instruction Fuzzy Hash: 9181BCB020A301AFD750CF24C994E7BBBE8FB89314F00492EF995972A1D770D904CBA2

Function 0093731A Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 0093738F
CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0093739B
CreateCompatibleDC.GDI32(?), ref: 009373A7
SelectObject.GDI32(00000000,?), ref: 009373B4
StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00937408
GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00937444
GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00937468
SelectObject.GDI32(00000006,?), ref: 00937470
DeleteObject.GDI32(?), ref: 00937479
DeleteDC.GDI32(00000006), ref: 00937480
ReleaseDC.USER32(00000000,?), ref: 0093748B

Strings

(, xrefs: 00937410

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: c74f7c68006c2a47dfaf0ff0987e59d25f70f37f023296489a41b42632f1c434
Instruction ID: 90cdbce81e923dd3c6af54e2a5a927558887e3faf1a5cb40db76338f049ac49f
Opcode Fuzzy Hash: c74f7c68006c2a47dfaf0ff0987e59d25f70f37f023296489a41b42632f1c434
Instruction Fuzzy Hash: 925149B5904209EFCB24CFA9DC85EAEBBB9EF49310F14842DF95997210C771A940DF50

Function 008C6A8C Relevance: 19.7, APIs: 4, Strings: 7, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 008E0957: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,008C6B0C,?,00008000), ref: 008E0973

Part of subcall function 008C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008C4743,?,?,008C37AE,?), ref: 008C4770

SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 008C6BAD
SetCurrentDirectoryW.KERNEL32(?), ref: 008C6CFA

Part of subcall function 008C586D: _wcscpy.LIBCMT ref: 008C58A5

Part of subcall function 008E363D: _iswctype.LIBCMT ref: 008E3645

Strings

AU3!, xrefs: 008C6B61
#include depth exceeded. Make sure there are no recursive includes, xrefs: 008FE421
EA06, xrefs: 008FE452
Unterminated string, xrefs: 008FE7E4
>>>AUTOIT SCRIPT<<<, xrefs: 008FE496
Bad directive syntax error, xrefs: 008FE79D
Error opening the file, xrefs: 008FE43D, 008FE4B8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
API String ID: 537147316-1018226102
Opcode ID: 5220962f936a400381c2344b5345bc01795071b04ed47bf343c2e569b3740eb6
Instruction ID: e84fd0867363c8853e9a63b853fb7234ca3dbf19cf9eccdf91e5b9d27df0ffa5
Opcode Fuzzy Hash: 5220962f936a400381c2344b5345bc01795071b04ed47bf343c2e569b3740eb6
Instruction Fuzzy Hash: 280258311083459BC724EF28C891EAEBBF5FF99314F14492DF586D72A1DA30E989CB52

Function 00922D36 Relevance: 19.7, APIs: 13, Instructions: 214windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00922D50
GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00922DDD
GetMenuItemCount.USER32(00985890), ref: 00922E66
DeleteMenu.USER32(00985890,00000005,00000000,000000F5,?,?), ref: 00922EF6
DeleteMenu.USER32(00985890,00000004,00000000), ref: 00922EFE
DeleteMenu.USER32(00985890,00000006,00000000), ref: 00922F06
DeleteMenu.USER32(00985890,00000003,00000000), ref: 00922F0E
GetMenuItemCount.USER32(00985890), ref: 00922F16
SetMenuItemInfoW.USER32(00985890,00000004,00000000,00000030), ref: 00922F4C
GetCursorPos.USER32(?), ref: 00922F56
SetForegroundWindow.USER32(00000000), ref: 00922F5F
TrackPopupMenuEx.USER32(00985890,00000000,?,00000000,00000000,00000000), ref: 00922F72
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00922F7E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
String ID:
API String ID: 3993528054-0
Opcode ID: fbd76732a20a9098d8080d3ae34f27a7745b5bd5052cf28a8bbda7eef460e4fd
Instruction ID: 29e3b30258b5b398d11f65b7e4cd479298c2d39c13bd8f1ade69548f636af744
Opcode Fuzzy Hash: fbd76732a20a9098d8080d3ae34f27a7745b5bd5052cf28a8bbda7eef460e4fd
Instruction Fuzzy Hash: B9712770604226BFEB218F54EC85FEABF68FF45324F100216F625AA1E5C7B55C20EB91

Function 009177DC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

_memset.LIBCMT ref: 0091786B
WNetAddConnection2W.MPR(?,?,?,00000000), ref: 009178A0
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 009178BC
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 009178D8
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00917902
CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 0091792A
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00917935
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0091793A

Strings

SOFTWARE\Classes\, xrefs: 0091780C
\IPC$, xrefs: 00917882
\CLSID, xrefs: 00917822

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 1411258926-22481851
Opcode ID: 071c7e9213541185f41224ffce3000db00d26026579ef8c8598f819b7adee092
Instruction ID: 2887ad1eefc2a2002c329569f9f34230afb9f479b0f253dd1295baa318261344
Opcode Fuzzy Hash: 071c7e9213541185f41224ffce3000db00d26026579ef8c8598f819b7adee092
Instruction Fuzzy Hash: BC410876D1422EABCF11EBA8DC95EEEB778FF54310F004069E905A3161DA319D48CF91

Function 00940E1A Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093FDAD,?,?), ref: 00940E31

Strings

HKCR, xrefs: 00940ED9
HKCC, xrefs: 00940EFF
HKLM, xrefs: 00940EAF
HKEY_CURRENT_USER, xrefs: 00940F10
HKEY_LOCAL_MACHINE, xrefs: 00940E9A
HKCU, xrefs: 00940F21
HKU, xrefs: 00940F43
HKEY_CLASSES_ROOT, xrefs: 00940EC4
HKEY_USERS, xrefs: 00940F32
HKEY_CURRENT_CONFIG, xrefs: 00940EEE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 3964851224-909552448
Opcode ID: 6f8d1d425eb93c1608e661a432ea4af6d3cac1f1e4e6174df9d2a6107bf23873
Instruction ID: fceedf92d710108ad6d419edad81e6b9230a9dddcdd29f961a2f74594dfa04c6
Opcode Fuzzy Hash: 6f8d1d425eb93c1608e661a432ea4af6d3cac1f1e4e6174df9d2a6107bf23873
Instruction Fuzzy Hash: 6E417B3210035A8BCF20EF14D956EEF37A4FF92300F1448A4FD555B2A2DB74999ACBA1

Function 0091F7A1 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008FE2A0,00000010,?,Bad directive syntax error,0094F910,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 0091F7C2
LoadStringW.USER32(00000000,?,008FE2A0,00000010), ref: 0091F7C9

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

_wprintf.LIBCMT ref: 0091F7FC
__swprintf.LIBCMT ref: 0091F81E
MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0091F88D

Strings

Line %d:, xrefs: 0091F818
., xrefs: 0091F873
Error: , xrefs: 0091F85B
Line %d (File "%s"):, xrefs: 0091F833
%s (%d) : ==> %s.: %s %s, xrefs: 0091F7F7

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
API String ID: 1506413516-4153970271
Opcode ID: 4f995f2a7b7f0d6f70c151b6fcc077d4e9b5dda2bd1c843dd04e087225f9e63d
Instruction ID: eddc1b7347551d7caf7b0c4a9ac80077d0d8af702a37aca6c98dbd539a8c5fee
Opcode Fuzzy Hash: 4f995f2a7b7f0d6f70c151b6fcc077d4e9b5dda2bd1c843dd04e087225f9e63d
Instruction Fuzzy Hash: A8218F3294421EEBCF11EF94CC1AFEE7738FF18314F044469F515A60A2DA31A658DB52

Function 009252C7 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON

Download Yara Rule

APIs

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

Part of subcall function 008C7924: _memmove.LIBCMT ref: 008C79AD

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00925330
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00925346
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00925357
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00925369
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0092537A

Strings

open , xrefs: 009252DF
status PlayMe mode, xrefs: 0092532B
alias PlayMe, xrefs: 00925309
play PlayMe, xrefs: 00925375
close PlayMe, xrefs: 00925341, 0092536E
play PlayMe wait, xrefs: 00925364

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: SendString$_memmove
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2279737902-1007645807
Opcode ID: 252725cd87b9a885e5c44ed1d58fa28f11e8586424bc8a8124cf5c244f45c114
Instruction ID: df3a49ac546f77c065e9bbddc75ef228d5f76e2d00d72dac8d650a64703c4c24
Opcode Fuzzy Hash: 252725cd87b9a885e5c44ed1d58fa28f11e8586424bc8a8124cf5c244f45c114
Instruction Fuzzy Hash: 1011B232A90169B9D724F665DC4AEFFBB7CFBD1B54F004429B416E20E1EEB05D04C9A1

Function 009246B7 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 009246D2
gethostname.WSOCK32(?,00000100), ref: 009246EC
gethostbyname.WSOCK32(?), ref: 009246F9
_wcscpy.LIBCMT ref: 00924721
_memmove.LIBCMT ref: 00924734
inet_ntoa.WSOCK32(?), ref: 0092473F
_strcat.LIBCMT ref: 0092474D
_wcscpy.LIBCMT ref: 00924764
WSACleanup.WSOCK32 ref: 00924772
_wcscpy.LIBCMT ref: 00924780

Strings

0.0.0.0, xrefs: 0092471B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 208665112-3771769585
Opcode ID: f2fb5511ae7f28e52eaa6f37a5506088817119580b44cac262922daa7d3647f7
Instruction ID: 3d6f8fdfd96bd3c64e0ac53924e703f9567ed6f6789b8e4e7292d1bc04d2eed8
Opcode Fuzzy Hash: f2fb5511ae7f28e52eaa6f37a5506088817119580b44cac262922daa7d3647f7
Instruction Fuzzy Hash: C1112435504129AFDB20AB34AC4AEEA77BCEF43311F0001B6F559D61A1EF748E819A51

Function 00924F75 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00924F7A

Part of subcall function 008E049F: timeGetTime.WINMM(?,7694B400,008D0E7B), ref: 008E04A3

Sleep.KERNEL32(0000000A), ref: 00924FA6
EnumThreadWindows.USER32(?,Function_00064F28,00000000), ref: 00924FCA
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00924FEC
SetActiveWindow.USER32 ref: 0092500B
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00925019
SendMessageW.USER32(00000010,00000000,00000000), ref: 00925038
Sleep.KERNEL32(000000FA), ref: 00925043
IsWindow.USER32 ref: 0092504F
EndDialog.USER32(00000000), ref: 00925060

Strings

BUTTON, xrefs: 00924FDE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 6b4d28c0c0447aad12d3f00c453927103f058412c2881234a5832b9bf4b25dd1
Instruction ID: effdd4e282adfe1d258bcc77ac4b04b2ebb7e768b2ef6295cc9f02f119898f7a
Opcode Fuzzy Hash: 6b4d28c0c0447aad12d3f00c453927103f058412c2881234a5832b9bf4b25dd1
Instruction Fuzzy Hash: EB21C07826C606EFE7105F60FD99F263B6DEB8A749F051024F109862B9CB758D40FB62

Function 0092D58D Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON

Download Yara Rule

APIs

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

CoInitialize.OLE32(00000000), ref: 0092D5EA
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0092D67D
SHGetDesktopFolder.SHELL32(?), ref: 0092D691
CoCreateInstance.OLE32(00952D7C,00000000,00000001,00978C1C,?), ref: 0092D6DD
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0092D74C
CoTaskMemFree.OLE32(?,?), ref: 0092D7A4
_memset.LIBCMT ref: 0092D7E1
SHBrowseForFolderW.SHELL32(?), ref: 0092D81D
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0092D840
CoTaskMemFree.OLE32(00000000), ref: 0092D847
CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 0092D87E
CoUninitialize.OLE32(00000001,00000000), ref: 0092D880

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
String ID:
API String ID: 1246142700-0
Opcode ID: a2165cc894071cc8c8f4c9b79295983493439288c04f82ea98a51587ed694a4e
Instruction ID: 389e4bc9c209c77d9260663df827af73b6b997b212dde449f2dabad33eebd8e7
Opcode Fuzzy Hash: a2165cc894071cc8c8f4c9b79295983493439288c04f82ea98a51587ed694a4e
Instruction Fuzzy Hash: 05B1FD75A00119AFDB04DF68D888EAEBBB9FF49314B1484A9F909DB261DB30ED41CB51

Function 0091C267 Relevance: 18.2, APIs: 12, Instructions: 174COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 0091C283
GetWindowRect.USER32(00000000,?), ref: 0091C295
MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0091C2F3
GetDlgItem.USER32(?,00000002), ref: 0091C2FE
GetWindowRect.USER32(00000000,?), ref: 0091C310
MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0091C364
GetDlgItem.USER32(?,000003E9), ref: 0091C372
GetWindowRect.USER32(00000000,?), ref: 0091C383
MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0091C3C6
GetDlgItem.USER32(?,000003EA), ref: 0091C3D4
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0091C3F1
InvalidateRect.USER32(?,00000000,00000001), ref: 0091C3FE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: e3019f3b186bb785c4586086d021a08643492936e6c4caeeb2bd1261e3cb361a
Instruction ID: 6a442e5d48a4363e3dbd5dc2fc0a193e8967c3fd9cd05172b273414809e93fe7
Opcode Fuzzy Hash: e3019f3b186bb785c4586086d021a08643492936e6c4caeeb2bd1261e3cb361a
Instruction Fuzzy Hash: 34516FB5B10209AFDF18CFA9DD99EAEBBBAEB88310F14812DF515D7290D7709D408B10

Function 008C201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON

Download Yara Rule

APIs

Part of subcall function 008C1B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,008C2036,?,00000000,?,?,?,?,008C16CB,00000000,?), ref: 008C1B9A

DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 008C20D3
KillTimer.USER32(-00000001,?,?,?,?,008C16CB,00000000,?,?,008C1AE2,?,?), ref: 008C216E
DestroyAcceleratorTable.USER32(00000000), ref: 008FBCA6
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,008C16CB,00000000,?,?,008C1AE2,?,?), ref: 008FBCD7
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,008C16CB,00000000,?,?,008C1AE2,?,?), ref: 008FBCEE
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,008C16CB,00000000,?,?,008C1AE2,?,?), ref: 008FBD0A
DeleteObject.GDI32(00000000), ref: 008FBD1C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID:
API String ID: 641708696-0
Opcode ID: b605c0f2c493ed43eeba72d73b0dbbe2b8f4c88e7505f90deb62e28028675362
Instruction ID: d71ad13c4ac61595b844ca867efb980c895d8807d9b2a6050b352f1f6765becb
Opcode Fuzzy Hash: b605c0f2c493ed43eeba72d73b0dbbe2b8f4c88e7505f90deb62e28028675362
Instruction Fuzzy Hash: 5A619C34124A05DFCB35AF28D958F2A77F1FB41316F14842EE142CAAB0C774E894EB51

Function 008C21A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON

Download Yara Rule

APIs

Part of subcall function 008C25DB: GetWindowLongW.USER32(?,000000EB), ref: 008C25EC

GetSysColor.USER32(0000000F), ref: 008C21D3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: 6e8aac6e77bfc021bc05f41f32c9a481ac9140660323a605109d221834075b1d
Instruction ID: 76bc7e03bfb67cbbd9269d033f76fc101c81777c0d939df2fae4db775586f77d
Opcode Fuzzy Hash: 6e8aac6e77bfc021bc05f41f32c9a481ac9140660323a605109d221834075b1d
Instruction Fuzzy Hash: 27417E351081449ADB259F28EC98FB97B65FB06331F194269FE65CA1E5C7318C42EB21

Function 0092A8A7 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 183COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,0094F910), ref: 0092A90B
GetDriveTypeW.KERNEL32(00000061,009789A0,00000061), ref: 0092A9D5
_wcscpy.LIBCMT ref: 0092A9FF

Strings

fixed, xrefs: 0092A953
network, xrefs: 0092A969
removable, xrefs: 0092A93D
unknown, xrefs: 0092A996
cdrom, xrefs: 0092A927
ramdisk, xrefs: 0092A97F
all, xrefs: 0092A911

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharDriveLowerType_wcscpy
String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2820617543-1000479233
Opcode ID: 5904b50cce1eae7a1595b30f4e5731e0f8a5efaca91885d6fccafa6486b2c77d
Instruction ID: 549bf5849e67eb0bb288275114150c450478d927add9b648ad5cb639d2b8b4c6
Opcode Fuzzy Hash: 5904b50cce1eae7a1595b30f4e5731e0f8a5efaca91885d6fccafa6486b2c77d
Instruction Fuzzy Hash: 8951BB361083119BC310EF19E892AAFB7A9FF85300F104C2DF596972A2DB70D989CA53

Function 008C9837 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 008C9862
__swprintf.LIBCMT ref: 008C98AC
__i64tow.LIBCMT ref: 008FF5E6

Strings

0x%p, xrefs: 008FF5C8
%.15g, xrefs: 008C98A6
False, xrefs: 008FF5AE
True, xrefs: 008FF5A7

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __i64tow__itow__swprintf
String ID: %.15g$0x%p$False$True
API String ID: 421087845-2263619337
Opcode ID: 8bdccd80d3b681326c24fe29632a9227e5c6e64da305be4f2b4abd6a0fbc8bd7
Instruction ID: 1a9d957f8f5d8cae6cedfe23fe08b31ab0f287696ac701b780e3e3de23c97bca
Opcode Fuzzy Hash: 8bdccd80d3b681326c24fe29632a9227e5c6e64da305be4f2b4abd6a0fbc8bd7
Instruction Fuzzy Hash: 5841B7716002099BDB24DF39D845F7673F8FF4A304F2044BEE649D7292EA71D9418B11

Function 00947152 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0094716A
CreateMenu.USER32 ref: 00947185
SetMenu.USER32(?,00000000), ref: 00947194
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00947221
IsMenu.USER32(?), ref: 00947237
CreatePopupMenu.USER32 ref: 00947241
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0094726E
DrawMenuBar.USER32 ref: 00947276

Strings

0, xrefs: 00947160
F, xrefs: 00947262

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
String ID: 0$F
API String ID: 176399719-3044882817
Opcode ID: 174b1b038367ae8ebab761710ba1d89f89d77a9e20547c2541b7a47725ed5526
Instruction ID: bb0035c0f632f4d56d76c73a5700e14c116225faab4c3a660ea14989b4d3226f
Opcode Fuzzy Hash: 174b1b038367ae8ebab761710ba1d89f89d77a9e20547c2541b7a47725ed5526
Instruction Fuzzy Hash: 0A419878A15209EFDB20DFA4D884EAABBF9FF09310F150529F915A7360D771A910DFA0

Function 009474BB Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 0094755E
CreateCompatibleDC.GDI32(00000000), ref: 00947565
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00947578
SelectObject.GDI32(00000000,00000000), ref: 00947580
GetPixel.GDI32(00000000,00000000,00000000), ref: 0094758B
DeleteDC.GDI32(00000000), ref: 00947594
GetWindowLongW.USER32(?,000000EC), ref: 0094759E
SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 009475B2
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 009475BE

Strings

static, xrefs: 009474F6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 814fa5a03aca5dc5cfb914af95ea49f13237a1a9ec2e68f10521ebf0fd7a7573
Instruction ID: 9717302f77883875a633372b5b44860bf3b200ba675e37f1c441b46f41047fac
Opcode Fuzzy Hash: 814fa5a03aca5dc5cfb914af95ea49f13237a1a9ec2e68f10521ebf0fd7a7573
Instruction Fuzzy Hash: 23316D36119219BFDF119FA4DC18FEB7B69FF0A364F110224FA15961A0C735D811EBA4

Function 008E6E03 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 008E6E3E

Part of subcall function 008E8B28: __getptd_noexit.LIBCMT ref: 008E8B28

__gmtime64_s.LIBCMT ref: 008E6ED7
__gmtime64_s.LIBCMT ref: 008E6F0D
__gmtime64_s.LIBCMT ref: 008E6F2A
__allrem.LIBCMT ref: 008E6F80
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6F9C
__allrem.LIBCMT ref: 008E6FB3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E6FD1
__allrem.LIBCMT ref: 008E6FE8
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008E7006
__invoke_watson.LIBCMT ref: 008E7077

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 1572197e9c4cf49d3ac3c19b6e82465e4eefa01e3d88f7bbd38cf7a66862b9c5
Instruction ID: 208f79dacb2546220207e8be6be73333bf434094ed5d737390bb1ef34853d72e
Opcode Fuzzy Hash: 1572197e9c4cf49d3ac3c19b6e82465e4eefa01e3d88f7bbd38cf7a66862b9c5
Instruction Fuzzy Hash: 3D711672A00B5BABD714AE7EDC41B6AB3A8FF16364F10422AF514E72C1F770DA108791

Function 00922527 Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00922542
GetMenuItemInfoW.USER32(00985890,000000FF,00000000,00000030), ref: 009225A3
SetMenuItemInfoW.USER32(00985890,00000004,00000000,00000030), ref: 009225D9
Sleep.KERNEL32(000001F4), ref: 009225EB
GetMenuItemCount.USER32(?), ref: 0092262F
GetMenuItemID.USER32(?,00000000), ref: 0092264B
GetMenuItemID.USER32(?,-00000001), ref: 00922675
GetMenuItemID.USER32(?,?), ref: 009226BA
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00922700
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00922714
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00922735

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep_memset
String ID:
API String ID: 4176008265-0
Opcode ID: 7faa2266495f2dca3511490c2c6aa7c8353e119626e5ca7709349054a6706c77
Instruction ID: 4c07a180385452c00795f79d94b83e621a4f01ff45dbaf7786528629163b0495
Opcode Fuzzy Hash: 7faa2266495f2dca3511490c2c6aa7c8353e119626e5ca7709349054a6706c77
Instruction Fuzzy Hash: 4561DE70914269BFDB21CF64EC98EBE7BBCEB41304F14445AF801A7254D731AD09DB20

Function 00946F23 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00946FA5
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00946FA8
GetWindowLongW.USER32(?,000000F0), ref: 00946FCC
_memset.LIBCMT ref: 00946FDD
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00946FEF
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00947067

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$LongWindow_memset
String ID:
API String ID: 830647256-0
Opcode ID: 3bbf37ab7c3979bc930e0cc468fff31dcb53a703aaf98a50ea5a4e25aa9b5378
Instruction ID: 19967fb8365e88f3dc5e1025749904b513c8b26cc31cc5f646eeb00c81dd33da
Opcode Fuzzy Hash: 3bbf37ab7c3979bc930e0cc468fff31dcb53a703aaf98a50ea5a4e25aa9b5378
Instruction Fuzzy Hash: BB617B75904208AFDB10DFA4CC81EEEB7F8EB09714F10419AFA14EB2A1C771AD45DBA0

Function 00916B98 Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00916BBF
SafeArrayAllocData.OLEAUT32(?), ref: 00916C18
VariantInit.OLEAUT32(?), ref: 00916C2A
SafeArrayAccessData.OLEAUT32(?,?), ref: 00916C4A
VariantCopy.OLEAUT32(?,?), ref: 00916C9D
SafeArrayUnaccessData.OLEAUT32(?), ref: 00916CB1
VariantClear.OLEAUT32(?), ref: 00916CC6
SafeArrayDestroyData.OLEAUT32(?), ref: 00916CD3
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00916CDC
VariantClear.OLEAUT32(?), ref: 00916CEE
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00916CF9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: d3e410e3fe5f5f0d747a701d6f3db8ded214595dd82eedb9e8fc370b2fb12aa0
Instruction ID: fe5fbb46f30738376d9731d6caa58a3d93c9c5491244bb343e6511df81e48f73
Opcode Fuzzy Hash: d3e410e3fe5f5f0d747a701d6f3db8ded214595dd82eedb9e8fc370b2fb12aa0
Instruction Fuzzy Hash: 1F414D35E0421E9FDF009F68D858DEEBBB9FF48350F008069EA55E7261CB30A945DB90

Function 009383BB Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON

Download Yara Rule

APIs

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

CoInitialize.OLE32 ref: 00938403
CoUninitialize.OLE32 ref: 0093840E
CoCreateInstance.OLE32(?,00000000,00000017,00952BEC,?), ref: 0093846E
IIDFromString.OLE32(?,?), ref: 009384E1
VariantInit.OLEAUT32(?), ref: 0093857B
VariantClear.OLEAUT32(?), ref: 009385DC

Strings

NULL Pointer assignment, xrefs: 009384B3
Failed to create object, xrefs: 00938479, 0093852F
Invalid parameter, xrefs: 009384FA

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 834269672-1287834457
Opcode ID: 61bd993b9bf63ba321d7bea3e1532904e90b73d6873aaad8ecd8fc71a4487b9f
Instruction ID: 80c1f72e4e41728f30072c162fbb12d67778e2c6a59be9218d543c430fcfa89b
Opcode Fuzzy Hash: 61bd993b9bf63ba321d7bea3e1532904e90b73d6873aaad8ecd8fc71a4487b9f
Instruction Fuzzy Hash: D4617B71608312AFC710DF64C848F6BB7E8AF89754F004959F9869B2A1DB74ED48CF92

Function 00935732 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00935793
inet_addr.WSOCK32(?,?,?), ref: 009357D8
gethostbyname.WSOCK32(?), ref: 009357E4
IcmpCreateFile.IPHLPAPI ref: 009357F2
IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00935862
IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00935878
IcmpCloseHandle.IPHLPAPI(00000000), ref: 009358ED
WSACleanup.WSOCK32 ref: 009358F3

Strings

Ping, xrefs: 00935816

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
String ID: Ping
API String ID: 1028309954-2246546115
Opcode ID: 05a665addad48561eff32996464d1c9cbd05bac379f8e2eb3c6ba34f724cd29d
Instruction ID: ead26cc197e25c06729e7b039cc47754cc108850a39bd4edd52443b8d6ae2340
Opcode Fuzzy Hash: 05a665addad48561eff32996464d1c9cbd05bac379f8e2eb3c6ba34f724cd29d
Instruction Fuzzy Hash: 6E517C356046019FDB10AF29DC49F2AB7E4EF49720F054969F996DB2A1DB34EC40DF42

Function 0092B4C3 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0092B4D0
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0092B546
GetLastError.KERNEL32 ref: 0092B550
SetErrorMode.KERNEL32(00000000,READY), ref: 0092B5BD

Strings

READY, xrefs: 0092B596
UNKNOWN, xrefs: 0092B575
INVALID, xrefs: 0092B58F
READONLY, xrefs: 0092B588
NOTREADY, xrefs: 0092B57C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 8b357bb932b0eea645ed9ecf0e475fdcc84e8b8831282b5bd2a48ca8634b7885
Instruction ID: 8b0e9f4b6d6f5f5555d219db419c92204f1b767f21c79034b40d9734db828638
Opcode Fuzzy Hash: 8b357bb932b0eea645ed9ecf0e475fdcc84e8b8831282b5bd2a48ca8634b7885
Instruction Fuzzy Hash: 1731A035A00219DFCB00DB68E859FAE7BF8FF49304F148169F505DB295DB709A46CB81

Function 00918F8F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 0091AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0091AABC

SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00919014
GetDlgCtrlID.USER32 ref: 0091901F
GetParent.USER32 ref: 0091903B
SendMessageW.USER32(00000000,?,00000111,?), ref: 0091903E
GetDlgCtrlID.USER32(?), ref: 00919047
GetParent.USER32(?), ref: 00919063
SendMessageW.USER32(00000000,?,?,00000111), ref: 00919066

Strings

ListBox, xrefs: 00918FD1
ComboBox, xrefs: 00918F9C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: ComboBox$ListBox
API String ID: 1536045017-1403004172
Opcode ID: 1d7694227a0f9df14d046205d105b8ec184ef59c581c625ccf11137e20a52244
Instruction ID: 30438b2d75d4d14fda82b544a004cf60ed25b547bbfe834d3dc35af67e040877
Opcode Fuzzy Hash: 1d7694227a0f9df14d046205d105b8ec184ef59c581c625ccf11137e20a52244
Instruction Fuzzy Hash: 17212574A0010DBBDF04EBA4CC95EFEBB79EF89310F000119F961972A1DB759859EB21

Function 0091907A Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 0091AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0091AABC

SendMessageW.USER32(?,00000186,00000002,00000000), ref: 009190FD
GetDlgCtrlID.USER32 ref: 00919108
GetParent.USER32 ref: 00919124
SendMessageW.USER32(00000000,?,00000111,?), ref: 00919127
GetDlgCtrlID.USER32(?), ref: 00919130
GetParent.USER32(?), ref: 0091914C
SendMessageW.USER32(00000000,?,?,00000111), ref: 0091914F

Strings

ListBox, xrefs: 009190BC
ComboBox, xrefs: 00919087

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: ComboBox$ListBox
API String ID: 1536045017-1403004172
Opcode ID: cfd58aa204344b4693ae4d5edc1df89696d4589493d9ad6d6a8166f91f9392a6
Instruction ID: c443b35f1e8b963d86a52791f84b1111b4db9c02759ede2e70e7d07d6889702e
Opcode Fuzzy Hash: cfd58aa204344b4693ae4d5edc1df89696d4589493d9ad6d6a8166f91f9392a6
Instruction Fuzzy Hash: AE21F574A0110DBBDF00ABA4CC95FFEBB79EF49300F004019F911972A1DB759899DB21

Function 00919163 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 0091916F
GetClassNameW.USER32(00000000,?,00000100), ref: 00919184
_wcscmp.LIBCMT ref: 00919196
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00919211

Strings

largeicons, xrefs: 009191A5
smallicons, xrefs: 009191D9
list, xrefs: 009191F3
details, xrefs: 009191BF
SHELLDLL_DefView, xrefs: 00919190

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClassMessageNameParentSend_wcscmp
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1704125052-3381328864
Opcode ID: 8410205d5f95ea1fc11815b7cae8b1ea31e7531a9e365627b744d36e78d8bd20
Instruction ID: a4b4e2b3e45cb6a25a9e24a69ff4243395936071c9ce56cf5def783fa58ceda1
Opcode Fuzzy Hash: 8410205d5f95ea1fc11815b7cae8b1ea31e7531a9e365627b744d36e78d8bd20
Instruction Fuzzy Hash: 9E11593B34C35BBAFA102628DC2ADE7779CEB02324B200826FA15E10D2FE7168915990

Function 009388AB Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 009388D7
CoInitialize.OLE32(00000000), ref: 00938904
CoUninitialize.OLE32 ref: 0093890E
GetRunningObjectTable.OLE32(00000000,?), ref: 00938A0E
SetErrorMode.KERNEL32(00000001,00000029), ref: 00938B3B
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00952C0C), ref: 00938B6F
CoGetObject.OLE32(?,00000000,00952C0C,?), ref: 00938B92
SetErrorMode.KERNEL32(00000000), ref: 00938BA5
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00938C25
VariantClear.OLEAUT32(?), ref: 00938C35

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
String ID:
API String ID: 2395222682-0
Opcode ID: a8df2d5ddc323d8612778e8e981c392d3257ccc1a13277531b4805fd6ecaa7a6
Instruction ID: 5dfc4bbb86a9309c92105018d9ba99a193961c870067964a4cecce1e3930f4b5
Opcode Fuzzy Hash: a8df2d5ddc323d8612778e8e981c392d3257ccc1a13277531b4805fd6ecaa7a6
Instruction Fuzzy Hash: A7C1E2B1608306AFD700DF68C884A2BB7E9FF89748F00495DF98A9B251DB71ED05CB52

Function 00927990 Relevance: 15.3, APIs: 10, Instructions: 292COMMON

Download Yara Rule

APIs

SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00927A6C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ArraySafeVartype
String ID:
API String ID: 1725837607-0
Opcode ID: c29e77c8b0ae20ddb23f4649a1c9ffea789f6cf1782aeb8ace75c0f00b246045
Instruction ID: 16b6e1c0459091930a822f76092f4fffb99d9a7c4bcf89c434d4d6b6bf951f69
Opcode Fuzzy Hash: c29e77c8b0ae20ddb23f4649a1c9ffea789f6cf1782aeb8ace75c0f00b246045
Instruction Fuzzy Hash: 2FB17A7590822A9FDB00DFE8E885BBEB7B8FF49321F204469E541E7351D734A941CBA1

Function 008FBDA2 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 008C2231
SetTextColor.GDI32(?,000000FF), ref: 008C223B
SetBkMode.GDI32(?,00000001), ref: 008C2250
GetStockObject.GDI32(00000005), ref: 008C2258
GetClientRect.USER32(?), ref: 008FBDBB
SendMessageW.USER32(?,00001328,00000000,?), ref: 008FBDD2
GetWindowDC.USER32(?), ref: 008FBDDE
GetPixel.GDI32(00000000,?,?), ref: 008FBDED
ReleaseDC.USER32(?,00000000), ref: 008FBDFF
GetSysColor.USER32(00000005), ref: 008FBE1D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
String ID:
API String ID: 3430376129-0
Opcode ID: 04dfcbea492f90a95bdb54c0a71352a3b14d2ba3c42fa20a43b916ae78525bf1
Instruction ID: b5142da6e7bdd73be4d765c397b7fd8472ba8d1d1a6507d924aa48a7f237e972
Opcode Fuzzy Hash: 04dfcbea492f90a95bdb54c0a71352a3b14d2ba3c42fa20a43b916ae78525bf1
Instruction Fuzzy Hash: BC21263611820AEFDB216FA4EC18FAA7B71FB0A326F114265FA25950F1CB714951EF11

Function 008CFA5D Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 008CFAA6
OleUninitialize.OLE32(?,00000000), ref: 008CFB45
UnregisterHotKey.USER32(?), ref: 008CFC9C
DestroyWindow.USER32(?), ref: 009045D6
FreeLibrary.KERNEL32(?), ref: 0090463B
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00904668

Strings

close all, xrefs: 008CFAA1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: f6e75b736f7f9aebe8a2cc8c94f5c26484bb6f2d91717900b9bc3041c40b551f
Instruction ID: 207413c58bfcfd162f3c4ba6c24fa00534226c4511d6314058afee767fa99ff6
Opcode Fuzzy Hash: f6e75b736f7f9aebe8a2cc8c94f5c26484bb6f2d91717900b9bc3041c40b551f
Instruction Fuzzy Hash: 38A157703012268FDB28EF14C994F69B765FF05714F1042ADEA0AAB2A2DB31EC56CF51

Function 0091A068 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON

Download Yara Rule

APIs

EnumChildWindows.USER32(?,0091A439), ref: 0091A377

Strings

INSTANCE, xrefs: 0091A285
TEXT, xrefs: 0091A2AE
NAME, xrefs: 0091A1A9
CLASSNN, xrefs: 0091A119
CLASS, xrefs: 0091A0F6
REGEXPCLASS, xrefs: 0091A13C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ChildEnumWindows
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 3555792229-1603158881
Opcode ID: 45bd6300d53f8d5221ea86c220df6dfa36318dd079665be8335cdea61ab9292c
Instruction ID: 37a91fc5b51db453d1eff5d6dfeea3ae747dcf2765b2e50ca90d15a57d059905
Opcode Fuzzy Hash: 45bd6300d53f8d5221ea86c220df6dfa36318dd079665be8335cdea61ab9292c
Instruction Fuzzy Hash: C291A431705609AACB08DFA4C441BEDFBB8FF05300F548529E869E7251DB31ADDACB92

Function 008C2E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 008C2EAE

Part of subcall function 008C1DB3: GetClientRect.USER32(?,?), ref: 008C1DDC
Part of subcall function 008C1DB3: GetWindowRect.USER32(?,?), ref: 008C1E1D
Part of subcall function 008C1DB3: ScreenToClient.USER32(?,?), ref: 008C1E45

GetDC.USER32 ref: 008FCD32
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008FCD45
SelectObject.GDI32(00000000,00000000), ref: 008FCD53
SelectObject.GDI32(00000000,00000000), ref: 008FCD68
ReleaseDC.USER32(?,00000000), ref: 008FCD70
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008FCDFB

Strings

U, xrefs: 008FCCD0

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 3760e483baf396606ffa5a8e755fdb9bb6c9ac51d1da0a802084dc9c12466dee
Instruction ID: 61827b6dbf20d0623f492a4d5b324dc8c9791f6daddc5066cff8ad8efe90956e
Opcode Fuzzy Hash: 3760e483baf396606ffa5a8e755fdb9bb6c9ac51d1da0a802084dc9c12466dee
Instruction Fuzzy Hash: C371AB3550020DDFCF25AF74C984ABA7BB5FF49324F14426AEE55EA2A6C7308981DB60

Function 00931A15 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00931A50
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00931A7C
InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00931ABE
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00931AD3
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00931AE0
HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00931B10
InternetCloseHandle.WININET(00000000), ref: 00931B57

Part of subcall function 00932483: GetLastError.KERNEL32(?,?,00931817,00000000,00000000,00000001), ref: 00932498
Part of subcall function 00932483: SetEvent.KERNEL32(?,?,00931817,00000000,00000000,00000001), ref: 009324AD

Strings

, xrefs: 00931B01

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
String ID:
API String ID: 2603140658-3916222277
Opcode ID: c905d20f72fba7b333163bfd407bfc33446255df7919fe19359d9c118aacda50
Instruction ID: 3311d63e0aaf7f0bcc4aa851f11c3c23197358717edce780543e6e39cac2eb21
Opcode Fuzzy Hash: c905d20f72fba7b333163bfd407bfc33446255df7919fe19359d9c118aacda50
Instruction Fuzzy Hash: 53419FB5501219BFEB118F50CC99FFBBBACEF09354F00412AFA059A161EB749E449FA4

Function 00938C46 Relevance: 13.9, APIs: 9, Instructions: 438COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,0094F910), ref: 00938D28
FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0094F910), ref: 00938D5C
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00938ED6
SysFreeString.OLEAUT32(?), ref: 00938F00

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Free$FileLibraryModuleNamePathQueryStringType
String ID:
API String ID: 560350794-0
Opcode ID: 8e3304c9b0b3994528704e20287b2245edaec2cdeb08b751752fa58d7bc49b95
Instruction ID: c2895c70d6dfa70600a48165f3ddbd6ef9e428829fc75949c6e3429d372d2283
Opcode Fuzzy Hash: 8e3304c9b0b3994528704e20287b2245edaec2cdeb08b751752fa58d7bc49b95
Instruction Fuzzy Hash: E3F12875A00209EFCB14EF94C888EAEB7B9FF49314F108498F905AB251DB71AE45CF90

Function 0093F694 Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0093F6B5
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0093F848
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0093F86C
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0093F8AC
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0093F8CE
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0093FA4A
GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0093FA7C
CloseHandle.KERNEL32(?), ref: 0093FAAB
CloseHandle.KERNEL32(?), ref: 0093FB22

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
String ID:
API String ID: 4090791747-0
Opcode ID: 4b3a0e3bcbd85f93c831e4c39dd7dd73027e6f7e3126c70292cd5d2a78bfb9f0
Instruction ID: 4fd0dad95bce3da5debc09b45a0b0cf5671d4dda5e38c09fb6502fe1288a861a
Opcode Fuzzy Hash: 4b3a0e3bcbd85f93c831e4c39dd7dd73027e6f7e3126c70292cd5d2a78bfb9f0
Instruction Fuzzy Hash: AEE1B2316042519FCB14EF28C891B6ABBE5FF85354F14896DF89A9B2A2CB30DC45CF52

Function 00924CC1 Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0092466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00923697,?), ref: 0092468B

Part of subcall function 0092466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00923697,?), ref: 009246A4

Part of subcall function 00924A31: GetFileAttributesW.KERNEL32(?,0092370B), ref: 00924A32

lstrcmpiW.KERNEL32(?,?), ref: 00924D40
_wcscmp.LIBCMT ref: 00924D5A
MoveFileW.KERNEL32(?,?), ref: 00924D75

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
String ID:
API String ID: 793581249-0
Opcode ID: e7c861ea619caa065efdc3abb05de6462371bc9773e1f485b0286f5c106a41f2
Instruction ID: 6bab369cdb8fe0ea49a63aea7e40dfe2cad213d333a57005fbb377f1165a4b04
Opcode Fuzzy Hash: e7c861ea619caa065efdc3abb05de6462371bc9773e1f485b0286f5c106a41f2
Instruction Fuzzy Hash: FF5152B21083959BC724DB64EC81EDB77ECEF85350F40092EF289D3155EE35A588CB56

Function 00948645 Relevance: 13.7, APIs: 9, Instructions: 168COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 009486FF

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: d89d02c9c3683e1c20d18c1528977a8820c46dafe859624a4360323934405cb8
Instruction ID: 76d0a9838271207ed3b47f152c9322cecac3de9626645d03038347175d8a2eee
Opcode Fuzzy Hash: d89d02c9c3683e1c20d18c1528977a8820c46dafe859624a4360323934405cb8
Instruction Fuzzy Hash: CD51C330510204BEEF209B28CC95FAE7BA8FB05724F614615F924E62E1CF76E980DB41

Function 008C2B72 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 008FC2F7
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 008FC319
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008FC331
ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 008FC34F
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008FC370
DestroyIcon.USER32(00000000), ref: 008FC37F
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 008FC39C
DestroyIcon.USER32(?), ref: 008FC3AB

Part of subcall function 0094A4AF: DeleteObject.GDI32(00000000), ref: 0094A4E8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
String ID:
API String ID: 2819616528-0
Opcode ID: 1deeb17dbb6724a79434a18e695e7a19aafb3d8fb0901b6fd1a209a50077d18a
Instruction ID: 22f61e220b24fea04a7af7f7fb3c61f6483200c6ba8f7fbb749f0cbde1e3003d
Opcode Fuzzy Hash: 1deeb17dbb6724a79434a18e695e7a19aafb3d8fb0901b6fd1a209a50077d18a
Instruction Fuzzy Hash: 76512374A10209AFDB24DF64D845FAA7BB5FB58364F104529F902E72E0DB70ED90EB60

Function 0091966E Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 0091A82C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0091A84C
Part of subcall function 0091A82C: GetCurrentThreadId.KERNEL32 ref: 0091A853
Part of subcall function 0091A82C: AttachThreadInput.USER32(00000000,?,00919683,?,00000001), ref: 0091A85A

MapVirtualKeyW.USER32(00000025,00000000), ref: 0091968E
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 009196AB
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 009196AE
MapVirtualKeyW.USER32(00000025,00000000), ref: 009196B7
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 009196D5
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 009196D8
MapVirtualKeyW.USER32(00000025,00000000), ref: 009196E1
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 009196F8
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 009196FB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: 59f54aae7d4a0623233280695229697cbb9f7804f8d123995c42c60211db2261
Instruction ID: 4b85dc48b09146c9cb7ea74374ef9df67b8be5b94070f6d04377feb570fbefab
Opcode Fuzzy Hash: 59f54aae7d4a0623233280695229697cbb9f7804f8d123995c42c60211db2261
Instruction Fuzzy Hash: 8F11E575A2421DBEF7106F60DC49FAA3B5DDB4D790F110425F244AB0A0C9F25C50EAA4

Function 00918921 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,0091853C,00000B00,?,?), ref: 0091892A
HeapAlloc.KERNEL32(00000000,?,0091853C,00000B00,?,?), ref: 00918931
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,0091853C,00000B00,?,?), ref: 00918946
GetCurrentProcess.KERNEL32(?,00000000,?,0091853C,00000B00,?,?), ref: 0091894E
DuplicateHandle.KERNEL32(00000000,?,0091853C,00000B00,?,?), ref: 00918951
GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,0091853C,00000B00,?,?), ref: 00918961
GetCurrentProcess.KERNEL32(0091853C,00000000,?,0091853C,00000B00,?,?), ref: 00918969
DuplicateHandle.KERNEL32(00000000,?,0091853C,00000B00,?,?), ref: 0091896C
CreateThread.KERNEL32(00000000,00000000,00918992,00000000,00000000,00000000), ref: 00918986

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 94b64f68d05d883d2b87ec7bef94acd0d7a7b360bf1e28b686434a921d764c04
Instruction ID: 2eae8853cc60dd3d02da2211bd642b043fe2fa5841c4585a1be4525699cf8584
Opcode Fuzzy Hash: 94b64f68d05d883d2b87ec7bef94acd0d7a7b360bf1e28b686434a921d764c04
Instruction Fuzzy Hash: 5A01BF79654309FFE710ABA5DC4DF673BACEB89711F404421FA05DB191CA709800DB20

Function 00939B23 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 352COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00939B7B
NULL Pointer assignment, xrefs: 00939BA4, 00939EC8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: 602bdae2723bd1fdfb96990f32760f2931f95ddc7762d1968aed20d6b5e675eb
Instruction ID: b68f7f303d927a04b1b86221b4b04afe64b92b63ca42163a0c1131523198e7c0
Opcode Fuzzy Hash: 602bdae2723bd1fdfb96990f32760f2931f95ddc7762d1968aed20d6b5e675eb
Instruction Fuzzy Hash: 5FC1A371A0021A9FDF10DF98D885BAEB7F9FF88314F148469E959A7280E7B09D45CF50

Function 00939113 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 263COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00939167
VariantInit.OLEAUT32(?), ref: 00939238
VariantInit.OLEAUT32(?), ref: 00939339
VariantClear.OLEAUT32(?), ref: 00939343
VariantClear.OLEAUT32(?), ref: 009393A0

Strings

Incorrect Object type in FOR..IN loop, xrefs: 0093931C
Null Object assignment in FOR..IN loop, xrefs: 009391C8, 009392F6, 009393AE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Variant$ClearInit$_memset
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2862541840-625585964
Opcode ID: bc2468e5e4fde2b9bfe10f13989b60c62586f4d67a68586b0bbe58cf71062705
Instruction ID: 9b0a886fa84c45a6d4b1d3f664a68135e5ca16fd960ee502c0b3a1160152b6b4
Opcode Fuzzy Hash: bc2468e5e4fde2b9bfe10f13989b60c62586f4d67a68586b0bbe58cf71062705
Instruction Fuzzy Hash: 2E91BD71A00219ABDF24DFA5CC48FAFBBB8EF85714F108559F915AB280D7B09900CFA0

Function 0093975D Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 0091710A: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?,?,00917455), ref: 00917127
Part of subcall function 0091710A: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?), ref: 00917142
Part of subcall function 0091710A: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?), ref: 00917150
Part of subcall function 0091710A: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?), ref: 00917160

CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00939806
_memset.LIBCMT ref: 00939813
_memset.LIBCMT ref: 00939956
CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00939982
CoTaskMemFree.OLE32(?), ref: 0093998D

Strings

NULL Pointer assignment, xrefs: 009399DB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
String ID: NULL Pointer assignment
API String ID: 1300414916-2785691316
Opcode ID: 55f6c6f78c2f759c6e0be0f25eca055a35148352463c749a882fd0d79960d75f
Instruction ID: 1bcf2572552aaf9f70581e4d030fab0a479d93fbc9ac84546b4469d733934407
Opcode Fuzzy Hash: 55f6c6f78c2f759c6e0be0f25eca055a35148352463c749a882fd0d79960d75f
Instruction Fuzzy Hash: E4912471D00229ABDB10DFA5DC40FDEBBB9FF49310F20416AE419A7281DB71AA44CFA1

Function 00946D80 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00946E24
SendMessageW.USER32(?,00001036,00000000,?), ref: 00946E38
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00946E52
_wcscat.LIBCMT ref: 00946EAD
SendMessageW.USER32(?,00001057,00000000,?), ref: 00946EC4
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00946EF2

Strings

SysListView32, xrefs: 00946DF6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$Window_wcscat
String ID: SysListView32
API String ID: 307300125-78025650
Opcode ID: d831f4793de5b99333f92e9f46e8e0848fe55c53a483bed6180c042c8e60fa39
Instruction ID: a117da83e58fd87eaa0e3fe1391230394e13ebf4ca283d712c1541413123d496
Opcode Fuzzy Hash: d831f4793de5b99333f92e9f46e8e0848fe55c53a483bed6180c042c8e60fa39
Instruction Fuzzy Hash: 9341A0B5A00349EBEF219F64CC85FEA77F8EF09354F10442AF588E7291D6719D848B61

Function 0093E933 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00923C55: CreateToolhelp32Snapshot.KERNEL32 ref: 00923C7A
Part of subcall function 00923C55: Process32FirstW.KERNEL32(00000000,?), ref: 00923C88
Part of subcall function 00923C55: CloseHandle.KERNEL32(00000000), ref: 00923D52

OpenProcess.KERNEL32(00000001,00000000,?), ref: 0093E9A4
GetLastError.KERNEL32 ref: 0093E9B7
OpenProcess.KERNEL32(00000001,00000000,?), ref: 0093E9E6
TerminateProcess.KERNEL32(00000000,00000000), ref: 0093EA63
GetLastError.KERNEL32(00000000), ref: 0093EA6E
CloseHandle.KERNEL32(00000000), ref: 0093EAA3

Strings

SeDebugPrivilege, xrefs: 0093E9C2

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 2533919879-2896544425
Opcode ID: f6393c581bfc317913cbf5f6141fce926ce4e01f054de068e7d18fc297bcaed8
Instruction ID: fb17b40f4385c65a0cef959f153408b81853f691389422885589f779aaa95f21
Opcode Fuzzy Hash: f6393c581bfc317913cbf5f6141fce926ce4e01f054de068e7d18fc297bcaed8
Instruction Fuzzy Hash: C34187312042019FDB14EF28C8A5FAAB7A5FF85314F048469F9469B2D2CB75A844DB92

Function 00922F94 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00923033

Strings

warning, xrefs: 0092301C
question, xrefs: 00922FEC
info, xrefs: 00922FD4
stop, xrefs: 00923004
blank, xrefs: 00922FB5

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: IconLoad
String ID: blank$info$question$stop$warning
API String ID: 2457776203-404129466
Opcode ID: e5b229e2293dd3d843c2cbc53e069820ec8bb1b2247e840317557cca7202ea05
Instruction ID: 3d6d2bcf73ec06f55c3feace98e7cf9a9d53620651847801b65f0583fd86416e
Opcode Fuzzy Hash: e5b229e2293dd3d843c2cbc53e069820ec8bb1b2247e840317557cca7202ea05
Instruction Fuzzy Hash: CC112B323CC3E7BEE7149B19EC42CAB779CEF1A324B10806AF904A6182DB785F4055B5

Function 009242F8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00924312
LoadStringW.USER32(00000000), ref: 00924319
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0092432F
LoadStringW.USER32(00000000), ref: 00924336
_wprintf.LIBCMT ref: 0092435C
MessageBoxW.USER32(00000000,?,?,00011010), ref: 0092437A

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00924357

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wprintf
String ID: %s (%d) : ==> %s: %s %s
API String ID: 3648134473-3128320259
Opcode ID: 8442af7f562732d01b10fe701b110458a9d3ac7afed13f7aade3365dde7f6450
Instruction ID: 91d5cd003280ca0d0ee1cda32398d93bc6707e9346ed3dd73a7fbc6d60835653
Opcode Fuzzy Hash: 8442af7f562732d01b10fe701b110458a9d3ac7afed13f7aade3365dde7f6450
Instruction Fuzzy Hash: C801A2F790421DBFE710D7A0DD89EE7736CEB09300F0005A1BB09E2011EA349E844B71

Function 0094D43E Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

GetSystemMetrics.USER32(0000000F), ref: 0094D47C
GetSystemMetrics.USER32(0000000F), ref: 0094D49C
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 0094D6D7
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 0094D6F5
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 0094D716
ShowWindow.USER32(00000003,00000000), ref: 0094D735
InvalidateRect.USER32(?,00000000,00000001), ref: 0094D75A
DefDlgProcW.USER32(?,00000005,?,?), ref: 0094D77D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: aaa7c440070e8424b07629178d6156efa0098619aaa1d9c7350732366071fb71
Instruction ID: cab75be8f4b4933f14d7ab01181aaa47ab38f834805ef40d787f375a6e604086
Opcode Fuzzy Hash: aaa7c440070e8424b07629178d6156efa0098619aaa1d9c7350732366071fb71
Instruction Fuzzy Hash: AEB1BC79601226EFDF14CF68C9D5BAD7BB5FF04710F098069EC489B299D734A950CB90

Function 0093FD11 Relevance: 12.3, APIs: 8, Instructions: 256registryCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 00940E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093FDAD,?,?), ref: 00940E31

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0093FDEE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharConnectRegistryUpper_memmove
String ID:
API String ID: 3479070676-0
Opcode ID: 476d0d27acf54afa21fb2d749cec60b28cd9028ccc0c6685069e3d9fa25bad7e
Instruction ID: 99ea66a4d1d16dc1c7c53edffe592fb178fcffcaf96619ca864c802251aeecf9
Opcode Fuzzy Hash: 476d0d27acf54afa21fb2d749cec60b28cd9028ccc0c6685069e3d9fa25bad7e
Instruction Fuzzy Hash: E5A135716042019FCB10EF18C8A5F6ABBE5FF85314F14886DF9968B2A2DB35E945CF42

Function 008C2A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,008FC1C7,00000004,00000000,00000000,00000000), ref: 008C2ACF
ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,008FC1C7,00000004,00000000,00000000,00000000,000000FF), ref: 008C2B17
ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,008FC1C7,00000004,00000000,00000000,00000000), ref: 008FC21A
ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,008FC1C7,00000004,00000000,00000000,00000000), ref: 008FC286

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 56dffa98bdd600e00ba3de4df7ab705aa5db1b2377d2cfaac45aa0e58947213b
Instruction ID: 4cae8af7342ea5ae4e4d44b52f7ab9e01b3a3bcba6c64c20675ede9472b11c58
Opcode Fuzzy Hash: 56dffa98bdd600e00ba3de4df7ab705aa5db1b2377d2cfaac45aa0e58947213b
Instruction Fuzzy Hash: 084126306186889AC7398B388D98F7F7BB2FB86314F14881DE147C26E0C675E881E711

Function 009270C6 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 009270DD

Part of subcall function 008E0DB6: std::exception::exception.LIBCMT ref: 008E0DEC
Part of subcall function 008E0DB6: __CxxThrowException@8.LIBCMT ref: 008E0E01

ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00927114
EnterCriticalSection.KERNEL32(?), ref: 00927130
_memmove.LIBCMT ref: 0092717E
_memmove.LIBCMT ref: 0092719B
LeaveCriticalSection.KERNEL32(?), ref: 009271AA
ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 009271BF
InterlockedExchange.KERNEL32(?,000001F6), ref: 009271DE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
String ID:
API String ID: 256516436-0
Opcode ID: 780a4e351bfc9299bae3817ff841e0c7a4a37f67140e4d3412eaef50fe6da8a6
Instruction ID: 1147ced7acdacf0bf4b4c9a6c7d2716252dd6b6963c37c3d7afb2ba52f97b82d
Opcode Fuzzy Hash: 780a4e351bfc9299bae3817ff841e0c7a4a37f67140e4d3412eaef50fe6da8a6
Instruction Fuzzy Hash: 00318D35904206EBCB00DFA9DC85AABB7B8FF46310B1441B5F904EA256DB709E50DB61

Function 009461D3 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 009461EB
GetDC.USER32(00000000), ref: 009461F3
GetDeviceCaps.GDI32(00000000,0000005A), ref: 009461FE
ReleaseDC.USER32(00000000,00000000), ref: 0094620A
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00946246
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00946257
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0094902A,?,?,000000FF,00000000,?,000000FF,?), ref: 00946291
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 009462B1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: 36841efc98d6c675a23299392c664c8fb3647f30303e7668a4758b7b1cd8fd9b
Instruction ID: a2aa8b00d90a0a2eea49ca06444759091423196726c3615825518ecf99f6f3f2
Opcode Fuzzy Hash: 36841efc98d6c675a23299392c664c8fb3647f30303e7668a4758b7b1cd8fd9b
Instruction Fuzzy Hash: A8318B76215214BFEF108F10CC9AFEB3BADEF4A765F050065FE08DA291C6B59841CB60

Function 0091BBAF Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 0091BBC4
_memcmp.LIBCMT ref: 0091BBE6
_memcmp.LIBCMT ref: 0091BBFE
_memcmp.LIBCMT ref: 0091BC11
_memcmp.LIBCMT ref: 0091BC2B
_memcmp.LIBCMT ref: 0091BC3E
_memcmp.LIBCMT ref: 0091BC56
_memcmp.LIBCMT ref: 0091BC71

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 2ef5d0b2a575b8115f293b60ea07d890d250f860b9f8a97c10ef27435ce2fd88
Instruction ID: 1ae547dd646d65522d53bd59ba311ad1a3ef87bc83022194d616e1718ea84b43
Opcode Fuzzy Hash: 2ef5d0b2a575b8115f293b60ea07d890d250f860b9f8a97c10ef27435ce2fd88
Instruction Fuzzy Hash: FC21B07274520D7BA604A71A9D42FFB735FAE5234CF044020FD0496A83EB24DE5583E6

Function 0092EB23 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

Part of subcall function 008DFC86: _wcscpy.LIBCMT ref: 008DFCA9

_wcstok.LIBCMT ref: 0092EC94
_wcscpy.LIBCMT ref: 0092ED23
_memset.LIBCMT ref: 0092ED56

Strings

X, xrefs: 0092ED93

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _wcscpy$__itow__swprintf_memset_wcstok
String ID: X
API String ID: 774024439-3081909835
Opcode ID: b28baa404b354bf3cc04d6da8f3afa0e11c86dc1c017ed2be434c05fd7103d6e
Instruction ID: dac4b1641e8ea25d2c45a312d045f3ec456a07cc890ce3f02bb7b20b18da9600
Opcode Fuzzy Hash: b28baa404b354bf3cc04d6da8f3afa0e11c86dc1c017ed2be434c05fd7103d6e
Instruction Fuzzy Hash: 7DC129716082519FC724EF68D885E6AB7E4FF85310F00496DF9999B2A2DB70EC45CB82

Function 00936B03 Relevance: 10.8, APIs: 7, Instructions: 250networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00936C00
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00936C21
WSAGetLastError.WSOCK32(00000000), ref: 00936C34
htons.WSOCK32(?,?,?,00000000,?), ref: 00936CEA
inet_ntoa.WSOCK32(?), ref: 00936CA7

Part of subcall function 0091A7E9: _strlen.LIBCMT ref: 0091A7F3
Part of subcall function 0091A7E9: _memmove.LIBCMT ref: 0091A815

_strlen.LIBCMT ref: 00936D44
_memmove.LIBCMT ref: 00936DAD

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove_strlen$ErrorLasthtonsinet_ntoa
String ID:
API String ID: 3619996494-0
Opcode ID: c5a7a121dd0907f03bf42624cda34d12aff45f42a14c42ce80071ff12332a506
Instruction ID: 9831e9a943d7177a5d001e22841b546bf7bb290411f102832d618a2eebbe5122
Opcode Fuzzy Hash: c5a7a121dd0907f03bf42624cda34d12aff45f42a14c42ce80071ff12332a506
Instruction Fuzzy Hash: BA81AD72208200BBC710EB28DC96F6AB7B9FF84714F10891CF5969B2D2DA70ED45CB52

Function 008C1424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad061636521fd369cf2e70b30f6ffae09df372a8611b2746a8e3f8d2ed347de4
Instruction ID: 3a418792e4af47ee761cbb0468e1b40bb85b9e49389ee58d566e905df4918f09
Opcode Fuzzy Hash: ad061636521fd369cf2e70b30f6ffae09df372a8611b2746a8e3f8d2ed347de4
Instruction Fuzzy Hash: 78714934904109EFCF049FA8C888EBEBB79FF86314F148159E915EA252C734EA51CBA4

Function 0094B351 Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01184D90), ref: 0094B3EB
IsWindowEnabled.USER32(01184D90), ref: 0094B3F7
SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 0094B4DB
SendMessageW.USER32(01184D90,000000B0,?,?), ref: 0094B512
IsDlgButtonChecked.USER32(?,?), ref: 0094B54F
GetWindowLongW.USER32(01184D90,000000EC), ref: 0094B571
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 0094B589

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 7fb763e289aa08701851bf25b9cc734a6c648bc66f74319780db4220905da674
Instruction ID: f7f1d647670b732817b2355ee182f73593e0d5769fda72e9282693374120b30c
Opcode Fuzzy Hash: 7fb763e289aa08701851bf25b9cc734a6c648bc66f74319780db4220905da674
Instruction Fuzzy Hash: E271AC38609204EFEB249FA5C8A4FBABBB9EF4A300F144459F945973B2C735E850DB51

Function 0093F41E Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0093F448
_memset.LIBCMT ref: 0093F511
ShellExecuteExW.SHELL32(?), ref: 0093F556

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

Part of subcall function 008DFC86: _wcscpy.LIBCMT ref: 008DFCA9

GetProcessId.KERNEL32(00000000), ref: 0093F5CD
CloseHandle.KERNEL32(00000000), ref: 0093F5FC

Strings

@, xrefs: 0093F525

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
String ID: @
API String ID: 3522835683-2766056989
Opcode ID: a157a230ab6d856634379011d6fee96f85f3968a00e6a96c5a58998870c1c6f0
Instruction ID: 8224e47702fbad0499086d72d91d12bc615b07225b105a67cdc28a669a51d8df
Opcode Fuzzy Hash: a157a230ab6d856634379011d6fee96f85f3968a00e6a96c5a58998870c1c6f0
Instruction Fuzzy Hash: C7617B75A006199FCB04DF68C495AAEBBB5FF49310F1480A9E85AAB361CB30ED41CF91

Function 00920F4D Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00920F8C
GetKeyboardState.USER32(?), ref: 00920FA1
SetKeyboardState.USER32(?), ref: 00921002
PostMessageW.USER32(?,00000101,00000010,?), ref: 00921030
PostMessageW.USER32(?,00000101,00000011,?), ref: 0092104F
PostMessageW.USER32(?,00000101,00000012,?), ref: 00921095
PostMessageW.USER32(?,00000101,0000005B,?), ref: 009210B8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 8b2ca7e170e3eecffe4ed46d2c5ddd821b33131a4f03ca9e911d390efcf5a73d
Instruction ID: 00be192967b8be103c9020bc3cbd7b0ec05e1ac814b3e5db9c15bab33fcf7672
Opcode Fuzzy Hash: 8b2ca7e170e3eecffe4ed46d2c5ddd821b33131a4f03ca9e911d390efcf5a73d
Instruction Fuzzy Hash: 605136606887E53DFB3642349C15BB6BEAD5B56300F088589F1D4458D7C2E8ECE4D760

Function 00920D66 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00920DA5
GetKeyboardState.USER32(?), ref: 00920DBA
SetKeyboardState.USER32(?), ref: 00920E1B
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00920E47
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00920E64
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00920EA8
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00920EC9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: f1b6d1d5af9ffa49e4fb476ed5f4ec5994d16af0fd7aa0159b84ba8db2565e43
Instruction ID: c58368619890dabbd0dfc01eef7803275967381ba424692c432f00df12683b1a
Opcode Fuzzy Hash: f1b6d1d5af9ffa49e4fb476ed5f4ec5994d16af0fd7aa0159b84ba8db2565e43
Instruction Fuzzy Hash: 865108A05487E57DFB3283749C55BBABFAD6B86300F088889F1D4468C7D395ACD8E760

Function 009255FD Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 0092560A
_wcsncpy.LIBCMT ref: 0092563F
_wcsncpy.LIBCMT ref: 00925671
_wcsncpy.LIBCMT ref: 009256A4
_wcsncpy.LIBCMT ref: 009256E6
_wcsncpy.LIBCMT ref: 00925720
_wcsncpy.LIBCMT ref: 0092574F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _wcsncpy$LocalTime
String ID:
API String ID: 2945705084-0
Opcode ID: 4ddea5a52406b9765ca1a30a303453fd85bde28ded42b309606ec39956e85625
Instruction ID: 14a17dc785f4b5dabd4865781fb685bbab85326ed3b40fb67968c3a9a2d24ce3
Opcode Fuzzy Hash: 4ddea5a52406b9765ca1a30a303453fd85bde28ded42b309606ec39956e85625
Instruction Fuzzy Hash: 0741D865C10664B6CB11EBB99C4A9CFB3BCEF06310F504866E518E3221FB34A645CBA7

Function 00923671 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0092466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00923697,?), ref: 0092468B

Part of subcall function 0092466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00923697,?), ref: 009246A4

lstrcmpiW.KERNEL32(?,?), ref: 009236B7
_wcscmp.LIBCMT ref: 009236D3
MoveFileW.KERNEL32(?,?), ref: 009236EB
_wcscat.LIBCMT ref: 00923733
SHFileOperationW.SHELL32(?), ref: 0092379F

Strings

\*.*, xrefs: 0092372D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
String ID: \*.*
API String ID: 1377345388-1173974218
Opcode ID: f53b39bb8b7a7af382b61698de3b3987d0af1961db4bfd74e43ad47b2c09034a
Instruction ID: 714521c3dc07db12c5d82778070f1049ee1dbaa7cd884bfe1d67fac238437450
Opcode Fuzzy Hash: f53b39bb8b7a7af382b61698de3b3987d0af1961db4bfd74e43ad47b2c09034a
Instruction Fuzzy Hash: E3418271508355AEC752EF64E446ADF77ECEF89380F10482EF49AC3251EA38D689CB52

Function 00947291 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 009472AA
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00947351
IsMenu.USER32(?), ref: 00947369
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 009473B1
DrawMenuBar.USER32 ref: 009473C4

Strings

0, xrefs: 0094729E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert_memset
String ID: 0
API String ID: 3866635326-4108050209
Opcode ID: 19407a717b65d5bb0005d7fdfa17140a8edd613399bcc781fa22023fc02d5934
Instruction ID: 708e7d316599796f93de531f5f31b29dcbbbbf8b2c5ca6e34630f8cab4320329
Opcode Fuzzy Hash: 19407a717b65d5bb0005d7fdfa17140a8edd613399bcc781fa22023fc02d5934
Instruction Fuzzy Hash: 4C412675A04209EFDB20DFA4E894EAABBF8FB09310F148529FD15A7250D730AD54EF50

Function 00940FA5 Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00940FD4
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00940FFE
FreeLibrary.KERNEL32(00000000), ref: 009410B5

Part of subcall function 00940FA5: RegCloseKey.ADVAPI32(?), ref: 0094101B
Part of subcall function 00940FA5: FreeLibrary.KERNEL32(?), ref: 0094106D
Part of subcall function 00940FA5: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00941090

RegDeleteKeyW.ADVAPI32(?,?), ref: 00941058

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: EnumFreeLibrary$CloseDeleteOpen
String ID:
API String ID: 395352322-0
Opcode ID: 71dbe79735cd7bfa7b58d233f1c479b587904a12994ec995258c57697af17a7a
Instruction ID: 7e2fc33678818fa68a2efa4f113a7d98a724695394beb51e201c215104f8505c
Opcode Fuzzy Hash: 71dbe79735cd7bfa7b58d233f1c479b587904a12994ec995258c57697af17a7a
Instruction Fuzzy Hash: 52312B75911109BFDB15DF90DC99EFFB7BCEF49340F00026AE501A2141EB759EC99AA0

Function 009462CD Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 009462EC
GetWindowLongW.USER32(01184D90,000000F0), ref: 0094631F
GetWindowLongW.USER32(01184D90,000000F0), ref: 00946354
SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00946386
SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 009463B0
GetWindowLongW.USER32(00000000,000000F0), ref: 009463C1
SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 009463DB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: 46b5031c0a22e117dc4e0dea0c8c93be9466de19f3cb214ba93b6fc2d646862c
Instruction ID: 642bf3c13b83453ce359407a3bedeafa4d45b0a60c0214cc9589785da1163eb8
Opcode Fuzzy Hash: 46b5031c0a22e117dc4e0dea0c8c93be9466de19f3cb214ba93b6fc2d646862c
Instruction Fuzzy Hash: 4C311378658295AFDB20CF18DC84F583BE5FB4A714F1A01A9F5018F2B2CB71AC44EB52

Function 0091DAEB Relevance: 10.6, APIs: 7, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0091DB2E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0091DB54
SysAllocString.OLEAUT32(00000000), ref: 0091DB57
SysAllocString.OLEAUT32(?), ref: 0091DB75
SysFreeString.OLEAUT32(?), ref: 0091DB7E
StringFromGUID2.OLE32(?,?,00000028), ref: 0091DBA3
SysAllocString.OLEAUT32(?), ref: 0091DBB1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: e84445bf65b77922b29e3413bf78d7c478d078b3a71a8085c038ff2a8743a901
Instruction ID: 9068cc65e1b6c33fbdbb6a419033490a75508cb9b6d58bf83c108bed70b8ed8b
Opcode Fuzzy Hash: e84445bf65b77922b29e3413bf78d7c478d078b3a71a8085c038ff2a8743a901
Instruction Fuzzy Hash: FC21817670921EAF9F10DFA9DC88CFB73ACEB09360B018535F915DB260DA749C819B60

Function 00936173 Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00937D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00937DB6

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 009361C6
WSAGetLastError.WSOCK32(00000000), ref: 009361D5
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 0093620E
connect.WSOCK32(00000000,?,00000010), ref: 00936217
WSAGetLastError.WSOCK32 ref: 00936221
closesocket.WSOCK32(00000000), ref: 0093624A
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00936263

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
String ID:
API String ID: 910771015-0
Opcode ID: a93dcfc9bcc15688805806913f213f7af265203a3b1a7d69dab3e35b6ace7b40
Instruction ID: eece12cdcc806a99366f1cb1e4964f59b84a2a210c341e8a70183ea57ffc660c
Opcode Fuzzy Hash: a93dcfc9bcc15688805806913f213f7af265203a3b1a7d69dab3e35b6ace7b40
Instruction Fuzzy Hash: A231BE35604118AFDF10AF64CC89FBA7BACEB45724F058069F915EB291CB74AC049BA2

Function 0091F65E Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 90COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 0091F671
__wcsnicmp.LIBCMT ref: 0091F692
__wcsnicmp.LIBCMT ref: 0091F6AC

Strings

#requireadmin, xrefs: 0091F68C
#OnAutoItStartRegister, xrefs: 0091F6A6
#notrayicon, xrefs: 0091F669

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __wcsnicmp
String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
API String ID: 1038674560-2734436370
Opcode ID: 2bc8116f88a19c3fac85039b543655ad1fc232102379f83757b95688a2992a95
Instruction ID: 574763830db8cf1682d1e48792086e9fb2824e1f04e348ebab079eee2ce03b2f
Opcode Fuzzy Hash: 2bc8116f88a19c3fac85039b543655ad1fc232102379f83757b95688a2992a95
Instruction Fuzzy Hash: BD21377230465D66D720A739AC22EE7739CEF5A354F20443AF846C7091EB549DC2C396

Function 0091DBC4 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0091DC09
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0091DC2F
SysAllocString.OLEAUT32(00000000), ref: 0091DC32
SysAllocString.OLEAUT32 ref: 0091DC53
SysFreeString.OLEAUT32 ref: 0091DC5C
StringFromGUID2.OLE32(?,?,00000028), ref: 0091DC76
SysAllocString.OLEAUT32(?), ref: 0091DC84

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: b16300ac62036d5a7f43b956c907d1c8ea23d37a9b828b71e904276e62fd262d
Instruction ID: 2c0bf0006f5cc35edd03fc5b00807a0f111a9ac8196ec18ea51a7f33196a4f11
Opcode Fuzzy Hash: b16300ac62036d5a7f43b956c907d1c8ea23d37a9b828b71e904276e62fd262d
Instruction Fuzzy Hash: 92218335709209AF9B10DFA8DC88DEB77ECEB09360B108525F955CB260DAB4DD81DBA4

Function 009475CD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 008C1D73
Part of subcall function 008C1D35: GetStockObject.GDI32(00000011), ref: 008C1D87
Part of subcall function 008C1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 008C1D91

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00947632
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0094763F
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0094764A
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00947659
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00947665

Strings

Msctls_Progress32, xrefs: 00947603

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: a5338274281c4d5ad84e39046e741629522ec38a0477614ccdc59ab8304fde2c
Instruction ID: 2f20040144f33a46ef256dd5ee9256d05f0f09816b5f4e66e278f9ba7f5726d8
Opcode Fuzzy Hash: a5338274281c4d5ad84e39046e741629522ec38a0477614ccdc59ab8304fde2c
Instruction Fuzzy Hash: 4B1163B215421DBFEF159F64CC85EE7BF6DEF08798F114115B604A6060CB729C21DBA4

Function 008E9AE6 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 008E9AE6

Part of subcall function 008E3187: EncodePointer.KERNEL32(00000000), ref: 008E318A
Part of subcall function 008E3187: __initp_misc_winsig.LIBCMT ref: 008E31A5
Part of subcall function 008E3187: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 008E9EA0
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 008E9EB4
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 008E9EC7
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 008E9EDA
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 008E9EED
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 008E9F00
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 008E9F13
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 008E9F26
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 008E9F39
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 008E9F4C
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 008E9F5F
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 008E9F72
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 008E9F85
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 008E9F98
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 008E9FAB
Part of subcall function 008E3187: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 008E9FBE

__mtinitlocks.LIBCMT ref: 008E9AEB
__mtterm.LIBCMT ref: 008E9AF4

Part of subcall function 008E9B5C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,008E9AF9,008E7CD0,0097A0B8,00000014), ref: 008E9C56
Part of subcall function 008E9B5C: _free.LIBCMT ref: 008E9C5D
Part of subcall function 008E9B5C: DeleteCriticalSection.KERNEL32(0097EC00,?,?,008E9AF9,008E7CD0,0097A0B8,00000014), ref: 008E9C7F

__calloc_crt.LIBCMT ref: 008E9B19
__initptd.LIBCMT ref: 008E9B3B
GetCurrentThreadId.KERNEL32 ref: 008E9B42

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
String ID:
API String ID: 3567560977-0
Opcode ID: f9e916ac49833266e1314501544a5ec1b9e7495684b730e445699bc035e774bf
Instruction ID: a4a45750e5c762ba79a398ccc3b83a3749cfb80233c7ad1f07ac173b3e9a831f
Opcode Fuzzy Hash: f9e916ac49833266e1314501544a5ec1b9e7495684b730e445699bc035e774bf
Instruction Fuzzy Hash: 12F0623261D7B15AE774B67F7C0764A2691FF43734B200629F5E4C51D2EE9084414562

Function 008E406B Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,008E3F85), ref: 008E4085
GetProcAddress.KERNEL32(00000000), ref: 008E408C
EncodePointer.KERNEL32(00000000), ref: 008E4097
DecodePointer.KERNEL32(008E3F85), ref: 008E40B2

Strings

combase.dll, xrefs: 008E4080
RoUninitialize, xrefs: 008E4074

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoUninitialize$combase.dll
API String ID: 3489934621-2819208100
Opcode ID: 9e90abc124e6110efc99d5424a7645a4e19ddab545241b9e529768db83086526
Instruction ID: ac7da5e648c74abe000d07180b0792842add0a4c3d8a945730af7f5cd7809861
Opcode Fuzzy Hash: 9e90abc124e6110efc99d5424a7645a4e19ddab545241b9e529768db83086526
Instruction Fuzzy Hash: B3E0B6745AD702EFEB60AF62EC1DF053AA4F706F86F108024F511E52A0CBB68608FB14

Function 008C1DB3 Relevance: 9.3, APIs: 6, Instructions: 254COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 008C1DDC
GetWindowRect.USER32(?,?), ref: 008C1E1D
ScreenToClient.USER32(?,?), ref: 008C1E45
GetClientRect.USER32(?,?), ref: 008C1F74
GetWindowRect.USER32(?,?), ref: 008C1F8D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: 9088a3b9159056816474fa65c82fec8a3ddd6f6a942c6bc99105185ae3a8c65e
Instruction ID: 03e8cffccb8a37911292a5ef073fcea6fd9b5265dffae7bf961e62bf8bdd6b8c
Opcode Fuzzy Hash: 9088a3b9159056816474fa65c82fec8a3ddd6f6a942c6bc99105185ae3a8c65e
Instruction Fuzzy Hash: 9DB14679A1024ADBDF10CFA8C484BEAB7B1FF09314F148529ED59EB255DB30AA40DB64

Function 009264B8 Relevance: 9.2, APIs: 6, Instructions: 205COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0092660B
_memmove.LIBCMT ref: 00926546

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

_memmove.LIBCMT ref: 009265B9
_memmove.LIBCMT ref: 009266A0
_memmove.LIBCMT ref: 009266B9
_memmove.LIBCMT ref: 009266D5

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove$__itow__swprintf
String ID:
API String ID: 3253778849-0
Opcode ID: 34dc75f1d360b63ce599dc2d496eca258b29278931950623ef800f25f87fbebb
Instruction ID: 977925afa9ae967751bd5d10bb20356986781d82c52c6ffb7132bff032c2fdc9
Opcode Fuzzy Hash: 34dc75f1d360b63ce599dc2d496eca258b29278931950623ef800f25f87fbebb
Instruction Fuzzy Hash: 83618A305002AA9BCF01EF68D886FBE37A9FF45308F044968F8599B196DA74ED45CB52

Function 009401E4 Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 00940E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093FDAD,?,?), ref: 00940E31

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 009402BD
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 009402FD
RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00940320
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00940349
RegCloseKey.ADVAPI32(?,?,00000000), ref: 0094038C
RegCloseKey.ADVAPI32(00000000), ref: 00940399

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
String ID:
API String ID: 4046560759-0
Opcode ID: f618e8862c1d9e63707d828c25350575df2185980a746c48845b616c84730c02
Instruction ID: e2b4cd53855311651ddd447260df8ad7274417a86ba389b3d76f88bde94800f0
Opcode Fuzzy Hash: f618e8862c1d9e63707d828c25350575df2185980a746c48845b616c84730c02
Instruction Fuzzy Hash: 87515831208201AFCB14EF68C885E6EBBF9FF89314F04492DF595872A2DB31E944DB52

Function 00945799 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 009457FB
GetMenuItemCount.USER32(00000000), ref: 00945832
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0094585A
GetMenuItemID.USER32(?,?), ref: 009458C9
GetSubMenu.USER32(?,?), ref: 009458D7
PostMessageW.USER32(?,00000111,?,00000000), ref: 00945928

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Menu$Item$CountMessagePostString
String ID:
API String ID: 650687236-0
Opcode ID: d9bd03b0192e9ef2e770e30208f17f73d14a3e2e5ba03a9c7c599df6ddd49fb4
Instruction ID: 2e3c9bcf6cec8c9db0c6fff3a603209f5609ea9978ac14ad973814b0e38f369c
Opcode Fuzzy Hash: d9bd03b0192e9ef2e770e30208f17f73d14a3e2e5ba03a9c7c599df6ddd49fb4
Instruction Fuzzy Hash: 1F516A35A00615EFCF10DFA8C845EAEB7B4FF49320F1144A9E841BB352CB74AE418B91

Function 0091EEEC Relevance: 9.2, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0091EF06
VariantClear.OLEAUT32(00000013), ref: 0091EF78
VariantClear.OLEAUT32(00000000), ref: 0091EFD3
_memmove.LIBCMT ref: 0091EFFD
VariantClear.OLEAUT32(?), ref: 0091F04A
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0091F078

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType_memmove
String ID:
API String ID: 1101466143-0
Opcode ID: 33070f527caeb79f46a297ee928c33e864a4c5af3bd8472e7fac20553bc47437
Instruction ID: 42d93cc2bab2402a4f5289d95d490c37aec68a84083dd25adc5397d0b2af70d3
Opcode Fuzzy Hash: 33070f527caeb79f46a297ee928c33e864a4c5af3bd8472e7fac20553bc47437
Instruction Fuzzy Hash: 215158B5A00209EFCB14CF58C894AAAB7F8FF4C314B158569ED59DB311E734E951CBA0

Function 0092220A Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00922258
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 009222A3
IsMenu.USER32(00000000), ref: 009222C3
CreatePopupMenu.USER32 ref: 009222F7
GetMenuItemCount.USER32(000000FF), ref: 00922355
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00922386

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup_memset
String ID:
API String ID: 3311875123-0
Opcode ID: e7cc88cac57913f3f0ee8680aef342785679aeaab60ff29bbfde6de5ca412e24
Instruction ID: 8b4632cda47e9ad93f61143498b4b96fdd24b9f7977a83559cf6f301823ef9ca
Opcode Fuzzy Hash: e7cc88cac57913f3f0ee8680aef342785679aeaab60ff29bbfde6de5ca412e24
Instruction Fuzzy Hash: 4C51CF3060426AFBDF21CF68E988BAEBBF9BF45714F104529F81197298E3799904CB51

Function 008C1765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

BeginPaint.USER32(?,?,?,?,?,?), ref: 008C179A
GetWindowRect.USER32(?,?), ref: 008C17FE
ScreenToClient.USER32(?,?), ref: 008C181B
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008C182C
EndPaint.USER32(?,?), ref: 008C1876

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: PaintWindow$BeginClientLongRectScreenViewport
String ID:
API String ID: 1827037458-0
Opcode ID: 79de3917350dd9784a04848823d0537b63342aae0941a27e7dd521f073e774fe
Instruction ID: ce310bdcf1dfa53ea1047e3086dc9d31de82fa89df5374c614b56c48a3c2bcd6
Opcode Fuzzy Hash: 79de3917350dd9784a04848823d0537b63342aae0941a27e7dd521f073e774fe
Instruction Fuzzy Hash: 3B417C341182059FDB10DF24C8C8FA67BF8FB4A764F044669F5A5C62A2C730D849DB62

Function 0094B69E Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(009857B0,00000000,01184D90,?,?,009857B0,?,0094B5A8,?,?), ref: 0094B712
EnableWindow.USER32(00000000,00000000), ref: 0094B736
ShowWindow.USER32(009857B0,00000000,01184D90,?,?,009857B0,?,0094B5A8,?,?), ref: 0094B796
ShowWindow.USER32(00000000,00000004,?,0094B5A8,?,?), ref: 0094B7A8
EnableWindow.USER32(00000000,00000001), ref: 0094B7CC
SendMessageW.USER32(?,0000130C,?,00000000), ref: 0094B7EF

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: bb62e14a7f68ed8034e5d1d5b8b8dbf2dcfaa464a13067f33719660c126a1e46
Instruction ID: de45702cd8b16e6386e985f98b63374c0cd5ac61f255d5f2b28ca814eddb0c2c
Opcode Fuzzy Hash: bb62e14a7f68ed8034e5d1d5b8b8dbf2dcfaa464a13067f33719660c126a1e46
Instruction Fuzzy Hash: 9B417D34604245AFDB26CF28C499F957FE9FF85314F1841B9EA488FAA2C731E856CB50

Function 0093709E Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,00934E41,?,?,00000000,00000001), ref: 009370AC

Part of subcall function 009339A0: GetWindowRect.USER32(?,?), ref: 009339B3

GetDesktopWindow.USER32 ref: 009370D6
GetWindowRect.USER32(00000000), ref: 009370DD
mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 0093710F

Part of subcall function 00925244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 009252BC

GetCursorPos.USER32(?), ref: 0093713B
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00937199

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
String ID:
API String ID: 4137160315-0
Opcode ID: 009dbf25c20425b6caea5aeea67ddb522a525d56db19c0ce354dc135db5e4bc7
Instruction ID: a581c7d64369ab26817b86795fdf42bdfd9821117cfdf52c041ea120f92a1053
Opcode Fuzzy Hash: 009dbf25c20425b6caea5aeea67ddb522a525d56db19c0ce354dc135db5e4bc7
Instruction Fuzzy Hash: C431F272108306ABD720DF94D849F9BB7E9FF89304F000919F48497191C630EA08CB92

Function 00918879 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 009180A9: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 009180C0
Part of subcall function 009180A9: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 009180CA
Part of subcall function 009180A9: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 009180D9
Part of subcall function 009180A9: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 009180E0
Part of subcall function 009180A9: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 009180F6

GetLengthSid.ADVAPI32(?,00000000,0091842F), ref: 009188CA
GetProcessHeap.KERNEL32(00000008,00000000), ref: 009188D6
HeapAlloc.KERNEL32(00000000), ref: 009188DD
CopySid.ADVAPI32(00000000,00000000,?), ref: 009188F6
GetProcessHeap.KERNEL32(00000000,00000000,0091842F), ref: 0091890A
HeapFree.KERNEL32(00000000), ref: 00918911

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: a5f4f49bf9a52f02720b247aa5f1e794009fdff49aab6754350481e9cf27be2c
Instruction ID: 01a486d138743a40fd4f7125f1d76fcc4527bb258692cbefa40fa09ad74e6d86
Opcode Fuzzy Hash: a5f4f49bf9a52f02720b247aa5f1e794009fdff49aab6754350481e9cf27be2c
Instruction Fuzzy Hash: EB11AF3562520AFFDB109FA4DC19FFF77ACEB85315F104068E84597110CB329980EB60

Function 009185B1 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 009185E2
OpenProcessToken.ADVAPI32(00000000), ref: 009185E9
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 009185F8
CloseHandle.KERNEL32(00000004), ref: 00918603
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00918632
DestroyEnvironmentBlock.USERENV(00000000), ref: 00918646

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: f0ba6bd5dbdff5831f0cdc08948350a0280f1097daf1f588a06cb9e3b4ee12b3
Instruction ID: 59386f0097add5932af59f7a8bb94a0878ae6450c6f8b933d588027b0a18c9fa
Opcode Fuzzy Hash: f0ba6bd5dbdff5831f0cdc08948350a0280f1097daf1f588a06cb9e3b4ee12b3
Instruction Fuzzy Hash: FC11477660420EABDF118FA4DD49FEF7BA9EB49354F044064FE05A2160C7768DA0AB60

Function 0091B790 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 0091B7B5
GetDeviceCaps.GDI32(00000000,00000058), ref: 0091B7C6
GetDeviceCaps.GDI32(00000000,0000005A), ref: 0091B7CD
ReleaseDC.USER32(00000000,00000000), ref: 0091B7D5
MulDiv.KERNEL32(000009EC,?,00000000), ref: 0091B7EC
MulDiv.KERNEL32(000009EC,?,?), ref: 0091B7FE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 665d427c2c6eb8e31aa561442661bd075d2a034c6684bfe286b2478b270b7e9c
Instruction ID: 97d45e278fef2eaf4d47dc27a8ff4466754484d23c150d298be89c93e76ce8e0
Opcode Fuzzy Hash: 665d427c2c6eb8e31aa561442661bd075d2a034c6684bfe286b2478b270b7e9c
Instruction Fuzzy Hash: 82017175A04219BBEF109BB69D45F5ABFB8EB49351F044065FA08A7291D6309C00CF90

Function 008E0162 Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 008E0193
MapVirtualKeyW.USER32(00000010,00000000), ref: 008E019B
MapVirtualKeyW.USER32(000000A0,00000000), ref: 008E01A6
MapVirtualKeyW.USER32(000000A1,00000000), ref: 008E01B1
MapVirtualKeyW.USER32(00000011,00000000), ref: 008E01B9
MapVirtualKeyW.USER32(00000012,00000000), ref: 008E01C1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 85f8e5c7de1654a39252d4221bde2eb2f7da3a266f32d9feb9a14c71d944ec73
Instruction ID: 0389320a26472f11fa891d78a3474db51c0330c124c6bb59d47db38c3b915628
Opcode Fuzzy Hash: 85f8e5c7de1654a39252d4221bde2eb2f7da3a266f32d9feb9a14c71d944ec73
Instruction Fuzzy Hash: C8016CB090275A7DE3008F5A8C85B52FFA8FF19354F00411BA15C47941C7F5A868CBE5

Function 009253E9 Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 009253F9
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0092540F
GetWindowThreadProcessId.USER32(?,?), ref: 0092541E
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0092542D
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00925437
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0092543E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: 215ce2d97e4be13267263a714468860ec577ab4e243ebba5b2099c8742e07d5a
Instruction ID: 6ecc6c8d5cdd87a510cf7a10ddb55af870b430c31fdd1022dcc1ec746f59500f
Opcode Fuzzy Hash: 215ce2d97e4be13267263a714468860ec577ab4e243ebba5b2099c8742e07d5a
Instruction Fuzzy Hash: A5F09036258559BBE3205BA2DC0DEEF7B7CEFCBB11F000169FA04D1060D7A01A0196B5

Function 00927230 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00927243
EnterCriticalSection.KERNEL32(?,?,008D0EE4,?,?), ref: 00927254
TerminateThread.KERNEL32(00000000,000001F6,?,008D0EE4,?,?), ref: 00927261
WaitForSingleObject.KERNEL32(00000000,000003E8,?,008D0EE4,?,?), ref: 0092726E

Part of subcall function 00926C35: CloseHandle.KERNEL32(00000000,?,0092727B,?,008D0EE4,?,?), ref: 00926C3F

InterlockedExchange.KERNEL32(?,000001F6), ref: 00927281
LeaveCriticalSection.KERNEL32(?,?,008D0EE4,?,?), ref: 00927288

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: ccba1c490a27a4f0da474ef5b2052589366714c3df5b09cd8b5ad57cfbf9bd16
Instruction ID: 5efaa1897ac443fe900581d7537ac97cd982523226fe5a4e2f0043d9b6bec577
Opcode Fuzzy Hash: ccba1c490a27a4f0da474ef5b2052589366714c3df5b09cd8b5ad57cfbf9bd16
Instruction Fuzzy Hash: 22F05E3A558A13EBE7112B64ED5CEDB7769EF4A702B100531F613A10A4CBB65811DB60

Function 00918992 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 0091899D
UnloadUserProfile.USERENV(?,?), ref: 009189A9
CloseHandle.KERNEL32(?), ref: 009189B2
CloseHandle.KERNEL32(?), ref: 009189BA
GetProcessHeap.KERNEL32(00000000,?), ref: 009189C3
HeapFree.KERNEL32(00000000), ref: 009189CA

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 243f1ec03beed31897a814b5add2edc958b471154d167c4e0469d0960fc4b4d7
Instruction ID: 6f775a106f654708d874c2afbbbe3e9e4c8b0083d9d4686c4d7f62eb23a44bbd
Opcode Fuzzy Hash: 243f1ec03beed31897a814b5add2edc958b471154d167c4e0469d0960fc4b4d7
Instruction Fuzzy Hash: ACE0527A118506FBDA011FE5EC1CD5ABBA9FB8A762B508631F21981470CB329461EB50

Function 009385ED Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00938613
CharUpperBuffW.USER32(?,?), ref: 00938722
VariantClear.OLEAUT32(?), ref: 0093889A

Part of subcall function 00927562: VariantInit.OLEAUT32(00000000), ref: 009275A2
Part of subcall function 00927562: VariantCopy.OLEAUT32(00000000,?), ref: 009275AB
Part of subcall function 00927562: VariantClear.OLEAUT32(00000000), ref: 009275B7

Strings

Incorrect Parameter format, xrefs: 0093864B, 0093880D
AUTOIT.ERROR, xrefs: 00938728

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4237274167-1221869570
Opcode ID: 787cebbf8d181c10319a36e79ff7210b6c3b8b64f7ce362b1f1c8a59bd1e6bd5
Instruction ID: 4ab7b91258c3eb9fd8fb75f68386a875b3aa9243f9bf08a5853964e7c7179701
Opcode Fuzzy Hash: 787cebbf8d181c10319a36e79ff7210b6c3b8b64f7ce362b1f1c8a59bd1e6bd5
Instruction Fuzzy Hash: BD9147756083019FCB10DF28C485A5BBBE9FF89714F14896DF89A8B261DB30E945CF92

Function 00922A96 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008DFC86: _wcscpy.LIBCMT ref: 008DFCA9

_memset.LIBCMT ref: 00922B87
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00922BB6
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00922C69
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00922C97

Strings

0, xrefs: 00922B73

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ItemMenu$Info$Default_memset_wcscpy
String ID: 0
API String ID: 4152858687-4108050209
Opcode ID: d11296eefc1d79f945a9189b4e1bfef1006015494bcb7dc72c9198318ea6f71c
Instruction ID: 96bc793787b1cf5d95690c724417bb1aabbdf5f42522f503a2e8b2a9a9952f6c
Opcode Fuzzy Hash: d11296eefc1d79f945a9189b4e1bfef1006015494bcb7dc72c9198318ea6f71c
Instruction Fuzzy Hash: 2051DF71608321AAD724EF28E845A6FB7E8EF86320F040A6DF8D1D7294DB74CD44DB52

Function 0091D56C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0091D5D4
SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0091D60A
GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0091D61B
SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0091D69D

Strings

DllGetClassObject, xrefs: 0091D610

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorMode$AddressCreateInstanceProc
String ID: DllGetClassObject
API String ID: 753597075-1075368562
Opcode ID: a21d69b469dcc0efa2f56c8493cf6ddad56954d0ccf2685678a988de7b4af5d6
Instruction ID: c196d0bffbb47bd5a256ed3b1793171cf0f2be7d187b286933917c441f9c93d8
Opcode Fuzzy Hash: a21d69b469dcc0efa2f56c8493cf6ddad56954d0ccf2685678a988de7b4af5d6
Instruction Fuzzy Hash: F1418FB1701208EFDB15CF54C884BDABBA9EF45354F1581A9EC099F209D7B1DA84CBA0

Function 00922753 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 009227C0
GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 009227DC
DeleteMenu.USER32(?,00000007,00000000), ref: 00922822
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00985890,00000000), ref: 0092286B

Strings

0, xrefs: 009227B5

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Menu$Delete$InfoItem_memset
String ID: 0
API String ID: 1173514356-4108050209
Opcode ID: 469e4c0ca5448184464ef4868301c73021da2cfa5e2a389eef6ef4a9a5d4620e
Instruction ID: 1f934b719ebdf133c96d632627ae49fb954e7b78e13ecad0caa6d08564eccd4e
Opcode Fuzzy Hash: 469e4c0ca5448184464ef4868301c73021da2cfa5e2a389eef6ef4a9a5d4620e
Instruction Fuzzy Hash: 1541BE71208351AFD720DF24E884F6ABBE8EF85314F044A2DF9A6D7295D770E905CB62

Function 0093D7A5 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0093D7C5

Part of subcall function 008C784B: _memmove.LIBCMT ref: 008C7899

Strings

winapi, xrefs: 0093D836
none, xrefs: 0093D8A0
stdcall, xrefs: 0093D847
cdecl, xrefs: 0093D81C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharLower_memmove
String ID: cdecl$none$stdcall$winapi
API String ID: 3425801089-567219261
Opcode ID: b8963e7fa9003c6f55dde12838847e10970635308533fa697bb039d0d50a7fc0
Instruction ID: 6c595a876df623ba8e0068e9871bcc9934cad06e4d45ab61d93a03eb16c757d6
Opcode Fuzzy Hash: b8963e7fa9003c6f55dde12838847e10970635308533fa697bb039d0d50a7fc0
Instruction Fuzzy Hash: 7531B071904619ABCF00EF58D861AAEB3B4FF05320F008A69E825976D1DB71E945CF80

Function 00918E90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 0091AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0091AABC

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00918F14
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00918F27
SendMessageW.USER32(?,00000189,?,00000000), ref: 00918F57

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

Strings

ListBox, xrefs: 00918ED3
ComboBox, xrefs: 00918E9E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$_memmove$ClassName
String ID: ComboBox$ListBox
API String ID: 365058703-1403004172
Opcode ID: fe2a6db836efdbd17cdc4b1c571b5d1dfdba7829a73f884b78299462139a7506
Instruction ID: 5ecb0d6bf421e384ba5855142db654328221477999804f3c29574a2c3c9dc981
Opcode Fuzzy Hash: fe2a6db836efdbd17cdc4b1c571b5d1dfdba7829a73f884b78299462139a7506
Instruction Fuzzy Hash: C6213471A04109BADB14ABB4DC85EFFB779EF46360F00452DF425972E0CF385C8AAA50

Function 0093182D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0093184C
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00931872
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 009318A2
InternetCloseHandle.WININET(00000000), ref: 009318E9

Part of subcall function 00932483: GetLastError.KERNEL32(?,?,00931817,00000000,00000000,00000001), ref: 00932498
Part of subcall function 00932483: SetEvent.KERNEL32(?,?,00931817,00000000,00000000,00000001), ref: 009324AD

Strings

, xrefs: 00931893

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: 7a920c3969874a0d32f6860de90d19c4767925e75ce615f98c6a7ab378408eca
Instruction ID: 71a2f644abd7d4b0ff6eb80754738f54e65e5c0fbe144dc15d3d1b4d2f6f7d30
Opcode Fuzzy Hash: 7a920c3969874a0d32f6860de90d19c4767925e75ce615f98c6a7ab378408eca
Instruction Fuzzy Hash: 3221CDB5504308BFEB119F64DC85FBF77EDEB89748F10412AF805A6250EB288D04ABB5

Function 009463E7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 008C1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 008C1D73
Part of subcall function 008C1D35: GetStockObject.GDI32(00000011), ref: 008C1D87
Part of subcall function 008C1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 008C1D91

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00946461
LoadLibraryW.KERNEL32(?), ref: 00946468
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 0094647D
DestroyWindow.USER32(?), ref: 00946485

Strings

SysAnimate32, xrefs: 0094643C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
String ID: SysAnimate32
API String ID: 4146253029-1011021900
Opcode ID: 7086d22ce08883a277879e969ae87dca20bac4733404713278dbdb99b33c9236
Instruction ID: d795f374bca9fd659b8e5ec246a60cf200fe344987e4996b39c0d8921ce684d5
Opcode Fuzzy Hash: 7086d22ce08883a277879e969ae87dca20bac4733404713278dbdb99b33c9236
Instruction Fuzzy Hash: E9219DB5210205BFEF104FA4DC94EBB37ADEB5A3A8F108629FA10921A0D731DC51A762

Function 00926D9C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00926DBC
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00926DEF
GetStdHandle.KERNEL32(0000000C), ref: 00926E01
CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00926E3B

Strings

nul, xrefs: 00926E36

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: b5b41ecf869bc8ae51a376d55a997d41b192c3ffe416e0c76e85edf3be70528e
Instruction ID: 5177fed9ac8443a47315bb6d382ef556473bee719a171ff8b797b134679814f7
Opcode Fuzzy Hash: b5b41ecf869bc8ae51a376d55a997d41b192c3ffe416e0c76e85edf3be70528e
Instruction Fuzzy Hash: 8721C47560022AABDB20AF39EC04B9A7BF8EF85720F204A19FDA0D76D4D7709810DB50

Function 00926E6A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00926E89
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00926EBB
GetStdHandle.KERNEL32(000000F6), ref: 00926ECC
CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00926F06

Strings

nul, xrefs: 00926F01

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 7000ca1cd741f09b2a6372056c2d25eb6a3a0a2dfb51ef64abf6c31bff046302
Instruction ID: 385ee07930744d196cef4c9b0091057484a70b64e5cfb577220bb792163226a2
Opcode Fuzzy Hash: 7000ca1cd741f09b2a6372056c2d25eb6a3a0a2dfb51ef64abf6c31bff046302
Instruction Fuzzy Hash: 992171795003269BDB209F69EC04AAE77E8EF96730F200A19FDE1D76D4D770A861CB50

Function 0092AC40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 0092AC54
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0092ACA8
__swprintf.LIBCMT ref: 0092ACC1
SetErrorMode.KERNEL32(00000000,00000001,00000000,0094F910), ref: 0092ACFF

Strings

%lu, xrefs: 0092ACBB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorMode$InformationVolume__swprintf
String ID: %lu
API String ID: 3164766367-685833217
Opcode ID: 63df98cd01c2f12456ff7e650031bb2292cd02ea177cf7bd3fefc6889eafa43d
Instruction ID: 2d602d86a94f5fdf3962d3d9760f7c8eab527743f30c32a6e75a92fe667f238a
Opcode Fuzzy Hash: 63df98cd01c2f12456ff7e650031bb2292cd02ea177cf7bd3fefc6889eafa43d
Instruction Fuzzy Hash: 84217135A00109AFCB10EF69D945EEF7BB8FF89714B0040A9F909DB251DB71EA41DB61

Function 00921AE8 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00921B19

Strings

KEYS, xrefs: 00921B30
EXISTS, xrefs: 00921B41
REMOVE, xrefs: 00921B1F
APPEND, xrefs: 00921B52

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 3964851224-769500911
Opcode ID: 3fa6edc87dac9a09b87ec0069aa904ad5c602677c3e423735f02185507734d2c
Instruction ID: fca4c62125a77a7500e0b3af803f2741fb706582bc9270f91005e3863cbea5c7
Opcode Fuzzy Hash: 3fa6edc87dac9a09b87ec0069aa904ad5c602677c3e423735f02185507734d2c
Instruction Fuzzy Hash: 4811A5319402588FCF00DF58E8518FEB7B4FF26304B1084A8E81497655EB329D46CF50

Function 0093EB55 Relevance: 7.7, APIs: 5, Instructions: 247COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0093EC07
GetProcessIoCounters.KERNEL32(00000000,?), ref: 0093EC37
GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0093ED6A
CloseHandle.KERNEL32(?), ref: 0093EDEB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$CloseCountersHandleInfoMemoryOpen
String ID:
API String ID: 2364364464-0
Opcode ID: 8bc544fc6b7bc1f7f8a1cff546045555eb094b2a4345a583f547a5d684884ea7
Instruction ID: 6893dfa3d794087a578f75d025fbe5c2602d82f0410be17ceaf36665cf2f860d
Opcode Fuzzy Hash: 8bc544fc6b7bc1f7f8a1cff546045555eb094b2a4345a583f547a5d684884ea7
Instruction Fuzzy Hash: 55813D716047119FD760EF28C886F2AB7E5EF84710F14886DF99ADB2D2DA70EC418B52

Function 00940037 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 00940E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0093FDAD,?,?), ref: 00940E31

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 009400FD
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 0094013C
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00940183
RegCloseKey.ADVAPI32(?,?), ref: 009401AF
RegCloseKey.ADVAPI32(00000000), ref: 009401BC

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
String ID:
API String ID: 3440857362-0
Opcode ID: 179c8511858cc1f822e4242802e1baf87565f34370ae2aabdf2032e7cc0dea67
Instruction ID: b438067ab5877295c06dd29a4c9f0f223928b19806474235630addcfad3be1dd
Opcode Fuzzy Hash: 179c8511858cc1f822e4242802e1baf87565f34370ae2aabdf2032e7cc0dea67
Instruction Fuzzy Hash: D6515871208205AFD714EF68D881F6AB7F9FF88314F40492DF5968B2A2DB31E944CB52

Function 0093D8C8 Relevance: 7.6, APIs: 5, Instructions: 139libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0093D927
GetProcAddress.KERNEL32(00000000,?), ref: 0093D9AA
GetProcAddress.KERNEL32(00000000,00000000), ref: 0093D9C6
GetProcAddress.KERNEL32(00000000,?), ref: 0093DA07
FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0093DA21

Part of subcall function 008C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00927896,?,?,00000000), ref: 008C5A2C
Part of subcall function 008C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00927896,?,?,00000000,?,?), ref: 008C5A50

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
String ID:
API String ID: 327935632-0
Opcode ID: ec97f6c8de3709284440bd2a10017a5b619a1d0a7ba8b6718d3492c3f77e39cd
Instruction ID: 766b8890609883f78cdcaba2f6b91d96efbcb53a9b0f0e8d5d4f9195e450a998
Opcode Fuzzy Hash: ec97f6c8de3709284440bd2a10017a5b619a1d0a7ba8b6718d3492c3f77e39cd
Instruction Fuzzy Hash: 2851F535A05209DFCB00EFA8D494EADB7B5FF09320B1481A9E859AB312DB31ED45CF91

Function 0092E571 Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0092E61F
GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0092E648
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0092E687

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0092E6AC
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0092E6B4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
String ID:
API String ID: 1389676194-0
Opcode ID: 9bb209238c0e1a765b2357f2d5884826dfe6fef1f6fe8f94cf265dc340db0a6a
Instruction ID: c13bf1d2b5bb981f3d89a3c08063bf8ea0eb4f24a5c8e5edc69ae2f64410f002
Opcode Fuzzy Hash: 9bb209238c0e1a765b2357f2d5884826dfe6fef1f6fe8f94cf265dc340db0a6a
Instruction Fuzzy Hash: 3C510635A00205DFCB01EF69C985EAABBF5FF09314B1480A9E859AB362CB31ED51DB51

Function 0094A056 Relevance: 7.6, APIs: 5, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a25055ebfa9f89e2a6c91c0e0226cc55fbeace45e2ca6fc12b28a3f736441f18
Instruction ID: d0465866686f0add274a16d41e8ef72313c8dc6c93469029ec501fff97294929
Opcode Fuzzy Hash: a25055ebfa9f89e2a6c91c0e0226cc55fbeace45e2ca6fc12b28a3f736441f18
Instruction Fuzzy Hash: 2241D63998C114AFD724DF28CC58FA9BBACEB0E320F150565F816A72E1C770AD41EB51

Function 008C2344 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 008C2357
ScreenToClient.USER32(009857B0,?), ref: 008C2374
GetAsyncKeyState.USER32(00000001), ref: 008C2399
GetAsyncKeyState.USER32(00000002), ref: 008C23A7

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: 2d7a76cceb516538d72face04d55dba6e6751a5e93141dd122e4abd093f8c2a7
Instruction ID: 7ea8a643b50360df406cce46622c0b2d50b24323f8025a8177a3c3e9281fd15f
Opcode Fuzzy Hash: 2d7a76cceb516538d72face04d55dba6e6751a5e93141dd122e4abd093f8c2a7
Instruction Fuzzy Hash: 01416C75608109FBCB199F78C844FE9BB74FB45364F20431AF929D22E0CB359A50DB91

Function 009163AA Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 009163E7
TranslateAcceleratorW.USER32(?,?,?), ref: 00916433
TranslateMessage.USER32(?), ref: 0091645C
DispatchMessageW.USER32(?), ref: 00916466
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00916475

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Message$PeekTranslate$AcceleratorDispatch
String ID:
API String ID: 2108273632-0
Opcode ID: be72f48a2559081ee303d4f5ad12e4ba19878bd5d90e5b209e9e59784f3ecf0f
Instruction ID: a84f9f85ee903dfef1e7367030419f46af25df28b32c5937ee320de2d1c31a7c
Opcode Fuzzy Hash: be72f48a2559081ee303d4f5ad12e4ba19878bd5d90e5b209e9e59784f3ecf0f
Instruction Fuzzy Hash: 7431B231F1465AAFDB24CFB49C44FF67BACAB01300F554169E421C21B0E72594C9E761

Function 00918A1F Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00918A30
PostMessageW.USER32(?,00000201,00000001), ref: 00918ADA
Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00918AE2
PostMessageW.USER32(?,00000202,00000000), ref: 00918AF0
Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00918AF8

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 40ba1f24107427fadb409e93d7b5fee24509f74b82d423a7d252ec30159adfa2
Instruction ID: 91af4baa36d97d5bbf8ea86c8b5ac5f461baa9b9b07dd140ff18295ce8a60a95
Opcode Fuzzy Hash: 40ba1f24107427fadb409e93d7b5fee24509f74b82d423a7d252ec30159adfa2
Instruction Fuzzy Hash: 7231AD7160421EEBDB14CFA8D94CADE3BB9EF05315F10862AF925A61D0C7B09954EB90

Function 0091B1EC Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0091B204
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0091B221
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0091B259
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0091B27F
_wcsstr.LIBCMT ref: 0091B289

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
String ID:
API String ID: 3902887630-0
Opcode ID: 7d49d5e25a6934bf71abb5e754d669f1190065b3a50dad2521256e6e9c4db76a
Instruction ID: 45ff5e7aec11ef74cd51b5b6cd44c0530958d778ad60cf4c6b4affafea420de2
Opcode Fuzzy Hash: 7d49d5e25a6934bf71abb5e754d669f1190065b3a50dad2521256e6e9c4db76a
Instruction Fuzzy Hash: 9B2137323082497BEB255B399C09EBF7B9DDF5A760F004539F808CA1A1EFB1DC809660

Function 0094B14B Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

GetWindowLongW.USER32(?,000000F0), ref: 0094B192
SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0094B1B7
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0094B1CF
GetSystemMetrics.USER32(00000004), ref: 0094B1F8
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00930E90,00000000), ref: 0094B216

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: be3fc8e6631ba1c4d6d30f29c5f6f84e9595958b673568e939e06f8053f8e70c
Instruction ID: df90735d083ca538dee0adfd384d316fe4e2f5873e7a42cda329a13a9a81922c
Opcode Fuzzy Hash: be3fc8e6631ba1c4d6d30f29c5f6f84e9595958b673568e939e06f8053f8e70c
Instruction Fuzzy Hash: 69219471928251AFCB149F38DC14E6A3BA8FB19321F114B29F932D72E0D730D8109B90

Function 00919307 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00919320

Part of subcall function 008C7BCC: _memmove.LIBCMT ref: 008C7C06

SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00919352
__itow.LIBCMT ref: 0091936A
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00919392
__itow.LIBCMT ref: 009193A3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$__itow$_memmove
String ID:
API String ID: 2983881199-0
Opcode ID: e8851522d9ef1a1a1c3991d69a2c9fc20268f3ba7c681a0be05dc90d3217e73d
Instruction ID: 91c4a5fadae138ad9ac14cb1e218e883b0307040e8ab5e0bdaecb639bd7aef31
Opcode Fuzzy Hash: e8851522d9ef1a1a1c3991d69a2c9fc20268f3ba7c681a0be05dc90d3217e73d
Instruction Fuzzy Hash: B321073170120DBBDB10AA648C99FEE7BACEB99724F044029F914D71C0D6B0CD829792

Function 00935A4D Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00935A6E
GetForegroundWindow.USER32 ref: 00935A85
GetDC.USER32(00000000), ref: 00935AC1
GetPixel.GDI32(00000000,?,00000003), ref: 00935ACD
ReleaseDC.USER32(00000000,00000003), ref: 00935B08

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 7053bd4865caaf662b008212ed49d1b8d8bf954bd1ed815c8ae328cda2af2b03
Instruction ID: f034c5987a9551ce813efa5991ad8e8d535ca4253075641c8b38515bca4f0ac7
Opcode Fuzzy Hash: 7053bd4865caaf662b008212ed49d1b8d8bf954bd1ed815c8ae328cda2af2b03
Instruction Fuzzy Hash: 18216F39A00114AFDB14EF69D898E9ABBF9EF49310F158479F849D7362CA34ED00DB91

Function 008C12F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 008C134D
SelectObject.GDI32(?,00000000), ref: 008C135C
BeginPath.GDI32(?), ref: 008C1373
SelectObject.GDI32(?,00000000), ref: 008C139C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 24a52051f5f7ed456aabde5cd44a31a41c3638a6cb754785dd73a3eba642b96f
Instruction ID: c3c1237e8c69fc3e9b00d8aae3aec4ce724c11706728d624144cc54b1e592c1d
Opcode Fuzzy Hash: 24a52051f5f7ed456aabde5cd44a31a41c3638a6cb754785dd73a3eba642b96f
Instruction Fuzzy Hash: 42215E30828649EBDF108F65DC88B697BF8FB02329F15821BE811D66B1D774D895EF90

Function 0091BC9E Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 0091BCB3
_memcmp.LIBCMT ref: 0091BCD1
_memcmp.LIBCMT ref: 0091BCE4
_memcmp.LIBCMT ref: 0091BCFC
_memcmp.LIBCMT ref: 0091BD14

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: a5b505e5f1b46285f1936828eb01c439816bdf4600a40a1165d62973f813ff7e
Instruction ID: 6af342cf23a0851471b2475bc2c3a4141b7cd31f96ac09f93befaa5e2eae555c
Opcode Fuzzy Hash: a5b505e5f1b46285f1936828eb01c439816bdf4600a40a1165d62973f813ff7e
Instruction Fuzzy Hash: F10180B270010D7AD604AB1BAD42FFBA35EEEA238CF044425FD4596382EB61DE5483E5

Function 00924A93 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00924ABA
__beginthreadex.LIBCMT ref: 00924AD8
MessageBoxW.USER32(?,?,?,?), ref: 00924AED
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00924B03
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00924B0A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
String ID:
API String ID: 3824534824-0
Opcode ID: 83c66352c893f6fc0796c03edfd3127e90c21f2c26e34aeb0a56e84fae401eda
Instruction ID: 91fa39925b298f21af53960086917402d24c87955997dff560b311ddf345a122
Opcode Fuzzy Hash: 83c66352c893f6fc0796c03edfd3127e90c21f2c26e34aeb0a56e84fae401eda
Instruction Fuzzy Hash: 4111087691C659BBC7008FA8AC08E9F7FACEB45320F154265F824D3350D675CD049BA1

Function 00918202 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0091821E
GetLastError.KERNEL32(?,00917CE2,?,?,?), ref: 00918228
GetProcessHeap.KERNEL32(00000008,?,?,00917CE2,?,?,?), ref: 00918237
HeapAlloc.KERNEL32(00000000,?,00917CE2,?,?,?), ref: 0091823E
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00918255

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 7ad54fe74ef390411a0bf2b657477289b330a2d2129c6272830e07742a7aafc0
Instruction ID: 75d80ecc9d7080a66f88f539b1bf632a0a9379f7d7abbf9ad1ecdce12dceee82
Opcode Fuzzy Hash: 7ad54fe74ef390411a0bf2b657477289b330a2d2129c6272830e07742a7aafc0
Instruction Fuzzy Hash: 1C0162B5314609BFDB214FA5DC58DA77BACEF8B7947500829FD19C2120DA318C40EA60

Function 0091710A Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?,?,00917455), ref: 00917127
ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?), ref: 00917142
lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?), ref: 00917150
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?), ref: 00917160
CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00917044,80070057,?,?), ref: 0091716C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 4884e1cc0862a4c063eb39e979b40138a6d821b2d630feb56128bb222eae4189
Instruction ID: a0599cb4bc70d12165cad4c63edbee62ae7bdbd6fbbc14e14ce4acdda049de43
Opcode Fuzzy Hash: 4884e1cc0862a4c063eb39e979b40138a6d821b2d630feb56128bb222eae4189
Instruction Fuzzy Hash: D901BCBA61820ABBCB104FA4DC44EAABBBCEB45791F100064FD05D6220D732DD80ABA0

Function 00925244 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00925260
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0092526E
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00925276
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00925280
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 009252BC

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: db86b452c0b7835db80a5280af921f84a632aecb83fd2f6d80f38a7ffc8ea964
Instruction ID: 26c9e0b7ada20e046854c250a16e0b8ebc9ba7adc89c25e3dc1a8eb3bf39cde6
Opcode Fuzzy Hash: db86b452c0b7835db80a5280af921f84a632aecb83fd2f6d80f38a7ffc8ea964
Instruction Fuzzy Hash: 13015B35D19A2EDBCF00DFE4E848AEDBB78FB0D711F420455E961B2184CB3095509BA1

Function 0091810A Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00918121
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0091812B
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0091813A
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00918141
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00918157

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: e73ec5965b4003cca38841329854bcabeefb31410351b6c7293fc618ce887df4
Instruction ID: 54592770a8aba9b6a96e57c90962f870e6db4002c52ab62717075dbf76a034ec
Opcode Fuzzy Hash: e73ec5965b4003cca38841329854bcabeefb31410351b6c7293fc618ce887df4
Instruction Fuzzy Hash: 9CF062B5358309BFEB210FA5ECD8EA73BADFF8A754B500025F945C6150CBA19D41EA60

Function 0091C1E3 Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 0091C1F7
GetWindowTextW.USER32(00000000,?,00000100), ref: 0091C20E
MessageBeep.USER32(00000000), ref: 0091C226
KillTimer.USER32(?,0000040A), ref: 0091C242
EndDialog.USER32(?,00000001), ref: 0091C25C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 6f4cb3dd728d5e1c2279592ffafc6def5d236706bd9346187bda53e420163423
Instruction ID: f51b98ecb2625aef3e37f7707e3cc6ebfc9f0072c7180cb6512a1636f86d64a5
Opcode Fuzzy Hash: 6f4cb3dd728d5e1c2279592ffafc6def5d236706bd9346187bda53e420163423
Instruction Fuzzy Hash: B401F27455830CABEB205B64ED4EF9677B8FB01B06F000A69B552A00E0CBF4A884DB80

Function 008C13B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 008C13BF
StrokeAndFillPath.GDI32(?,?,008FB888,00000000,?), ref: 008C13DB
SelectObject.GDI32(?,00000000), ref: 008C13EE
DeleteObject.GDI32 ref: 008C1401
StrokePath.GDI32(?), ref: 008C141C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 662a028c94241f4b915bd468b0d83cad34771e9355298a93d33689e720a6251d
Instruction ID: 0a4de815bffcb7a2f7ef4d79b7bd64544ad8aae605cb158eb244eace764df5b9
Opcode Fuzzy Hash: 662a028c94241f4b915bd468b0d83cad34771e9355298a93d33689e720a6251d
Instruction Fuzzy Hash: FCF03134028749DBDB255F26EC5CB583FF5FB42326F198229E429882F2C7348599EF10

Function 008D2CFB Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON

Download Yara Rule

APIs

Part of subcall function 008E0DB6: std::exception::exception.LIBCMT ref: 008E0DEC
Part of subcall function 008E0DB6: __CxxThrowException@8.LIBCMT ref: 008E0E01

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 008C7A51: _memmove.LIBCMT ref: 008C7AAB

__swprintf.LIBCMT ref: 008D2ECD

Strings

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 008D2D66

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
API String ID: 1943609520-557222456
Opcode ID: b7f9aabf3dfd51025c1a33845cbd9ef6d0a16c5eec7e35e4380195ff677a3745
Instruction ID: a510e84f4189406344bd058cc0c7a3ac62432d13f3a106c41c20022888cea06c
Opcode Fuzzy Hash: b7f9aabf3dfd51025c1a33845cbd9ef6d0a16c5eec7e35e4380195ff677a3745
Instruction Fuzzy Hash: B59128711082119FCB14EF28D885D6AB7B9FF95710F004A6EF495DB2A2EB70ED48CB52

Function 0092B93B Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 261comCOMMON

Download Yara Rule

APIs

Part of subcall function 008C4750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,008C4743,?,?,008C37AE,?), ref: 008C4770

CoInitialize.OLE32(00000000), ref: 0092B9BB
CoCreateInstance.OLE32(00952D6C,00000000,00000001,00952BDC,?), ref: 0092B9D4
CoUninitialize.OLE32 ref: 0092B9F1

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

Strings

.lnk, xrefs: 0092B99D, 0092B9AB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
String ID: .lnk
API String ID: 2126378814-24824748
Opcode ID: a222b3f0357da22a4291a91879f151a4e9b85ed29a80156bcafbbb59bb5894aa
Instruction ID: 4e6448313e0bd4b81611fd27b8fdbbac8248433159e128a7aa8231f8de95636a
Opcode Fuzzy Hash: a222b3f0357da22a4291a91879f151a4e9b85ed29a80156bcafbbb59bb5894aa
Instruction Fuzzy Hash: 9BA125756042159FCB00DF18C494E6ABBF5FF89314F148998F89A9B3A1CB31ED45CB92

Function 008E501D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 008E50AD

Part of subcall function 008F00F0: __87except.LIBCMT ref: 008F012B

Strings

pow, xrefs: 008E5085, 008E50A2

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: 85bc5133b4fb1a98aa145857af3536580de31d6e3b0d0242bf1096c423f542dc
Instruction ID: 3f1495d50faca7acc1118853347e91bfd069b30938783cc8110dd5d2db6d914f
Opcode Fuzzy Hash: 85bc5133b4fb1a98aa145857af3536580de31d6e3b0d0242bf1096c423f542dc
Instruction Fuzzy Hash: EA518D2191CA498ADB117739C80137E3B94FB42708F208D59F5D5C629BDF348EC4AF82

Function 008D6192 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 008D6248
_memmove.LIBCMT ref: 008D62E4
_memset.LIBCMT ref: 008D6308

Strings

ERCP, xrefs: 008D61B3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memset$_memmove
String ID: ERCP
API String ID: 2532777613-1384759551
Opcode ID: 464cf8b1f64b4d92fd25c0ca7184630a60c9a440e659bf9860c1ed6f0a3d5241
Instruction ID: 1d2ff0570f1ff071bb69e00366ac706a66747ef525c7b8847f1839da37718058
Opcode Fuzzy Hash: 464cf8b1f64b4d92fd25c0ca7184630a60c9a440e659bf9860c1ed6f0a3d5241
Instruction Fuzzy Hash: C9519071A0030DDBDB24CF95C941BAAB7E4FF44314F20866FE54ACB291E771AA94CB41

Function 009197F5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON

Download Yara Rule

APIs

Part of subcall function 009214BC: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00919296,?,?,00000034,00000800,?,00000034), ref: 009214E6

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0091983F

Part of subcall function 00921487: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,009192C5,?,?,00000800,?,00001073,00000000,?,?), ref: 009214B1

Part of subcall function 009213DE: GetWindowThreadProcessId.USER32(?,?), ref: 00921409
Part of subcall function 009213DE: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0091925A,00000034,?,?,00001004,00000000,00000000), ref: 00921419
Part of subcall function 009213DE: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0091925A,00000034,?,?,00001004,00000000,00000000), ref: 0092142F

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009198AC
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 009198F9

Strings

@, xrefs: 00919911

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: 85d8bda1dc2bfea191a6b26f1a8666c3ae95d9831da99424820a88becf6fa249
Instruction ID: 6ff457126ca9548524912487294b918bbc2be5e7cabaa7b25f50039072a29f02
Opcode Fuzzy Hash: 85d8bda1dc2bfea191a6b26f1a8666c3ae95d9831da99424820a88becf6fa249
Instruction Fuzzy Hash: 7E414F76A0111CAFCB10EFA4CC51EDEBBB8EB45340F004199F949B7151DA706E85CBA1

Function 00947946 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0094F910,00000000,?,?,?,?), ref: 009479DF
GetWindowLongW.USER32 ref: 009479FC
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00947A0C

Strings

SysTreeView32, xrefs: 009479B1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$Long
String ID: SysTreeView32
API String ID: 847901565-1698111956
Opcode ID: a0057c6fb48410faf8ba63f4914885509771044e7aab58af509e81ade6328e79
Instruction ID: fefa9e6a729da6e31b165c86531400c16c83ed74f5090fa1284b14bcadae4b91
Opcode Fuzzy Hash: a0057c6fb48410faf8ba63f4914885509771044e7aab58af509e81ade6328e79
Instruction Fuzzy Hash: 6C31BE3120420AABDB218E78DC45FEAB7A9FB45324F248729F875E22E0D731E9519B50

Function 009473D9 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00947461
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00947475
SendMessageW.USER32(?,00001002,00000000,?), ref: 00947499

Strings

SysMonthCal32, xrefs: 0094742C

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 7547c97319666dceb529eed2d5032f03809b0eac467c6036b391697acc73ede9
Instruction ID: 8823856a51605ae9a148d09f9f63ebc00925d225234ba4c8fa32131c8def0054
Opcode Fuzzy Hash: 7547c97319666dceb529eed2d5032f03809b0eac467c6036b391697acc73ede9
Instruction Fuzzy Hash: 0F219F32514219ABDF118FA4CC46FEA7B7AEB48724F110214FE156B1E0DB75AC51DBA0

Function 00947B93 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00947C4A
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00947C58
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00947C5F

Strings

msctls_updown32, xrefs: 00947BC4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: 9c48a6fbb63db99f6fd34d06e7ccc94a32dc89f478abdb98e0ce88f09100c3cd
Instruction ID: 3da42421d7c427ba8950ffb15166de4806896b6459cc89fc4ba3ee7b8881ace8
Opcode Fuzzy Hash: 9c48a6fbb63db99f6fd34d06e7ccc94a32dc89f478abdb98e0ce88f09100c3cd
Instruction Fuzzy Hash: 522189B5204209AFEB10DF68DCC1DA677ECEF5A3A4B150059FA05DB3A1CB31EC119BA0

Function 00946CB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00946D3B
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00946D4B
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00946D70

Strings

Listbox, xrefs: 00946D08

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: 64dfcfda5fe0206d0525baabc18b26dd511d88a67677aabd4c5b565347472a8a
Instruction ID: 5ead47c5f75f3ff0ab2b723a97638ae9d0403b53b1b5c12c059f5f8cc60758ea
Opcode Fuzzy Hash: 64dfcfda5fe0206d0525baabc18b26dd511d88a67677aabd4c5b565347472a8a
Instruction Fuzzy Hash: F021D472610118BFEF158F54CC85FBB3BBEEF8A754F018128FA459B1A0C6719C5197A1

Function 0094770E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00947772
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00947787
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00947794

Strings

msctls_trackbar32, xrefs: 00947749

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: f798b9d55cc469208cd937599a9bc95914531179a15f51eef8db2eedecf28f07
Instruction ID: 2600f23a6dc4ade82fe0a3f063b84e89011909ecfa15248460bfd328fd675263
Opcode Fuzzy Hash: f798b9d55cc469208cd937599a9bc95914531179a15f51eef8db2eedecf28f07
Instruction Fuzzy Hash: 16112772254208BAEF105FA4CC45FE7776CEF89B54F014218F64592090C771E811DB10

Function 008C4C03 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,008C4BD0,?,008C4DEF,?,009852F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 008C4C11
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008C4C23

Strings

kernel32.dll, xrefs: 008C4C0C
Wow64DisableWow64FsRedirection, xrefs: 008C4C1D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 4b3980e0ecebf2223a82e0995829023fd8978248cc3825a97d9658862686785a
Instruction ID: 2f65d25c461ffb8c2561d5e3dd09ea6960fd219958be948fb6800527df5332fe
Opcode Fuzzy Hash: 4b3980e0ecebf2223a82e0995829023fd8978248cc3825a97d9658862686785a
Instruction Fuzzy Hash: E7D01275515713CFD7205F71D928E07B6E5EF0A355B11CC3D9485D6160E6B0D4C0C750

Function 008C4C36 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,008C4B83,?), ref: 008C4C44
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008C4C56

Strings

kernel32.dll, xrefs: 008C4C3F
Wow64RevertWow64FsRedirection, xrefs: 008C4C50

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: 934c299641a45ecb9caff9c3654cab73cc04b9c902e08310d5cc567400491917
Instruction ID: 175d01e796738240f5460379e5020ca3597fb8f881ee7a0aba77ee5b0095def8
Opcode Fuzzy Hash: 934c299641a45ecb9caff9c3654cab73cc04b9c902e08310d5cc567400491917
Instruction Fuzzy Hash: 41D01775928713CFD7209F31D928F0A76E4EF1A395B11C83EA49AD6170E6B0D8C0DA50

Function 00940DE7 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,?,00941039), ref: 00940DF5
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00940E07

Strings

advapi32.dll, xrefs: 00940DF0
RegDeleteKeyExW, xrefs: 00940E01

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2574300362-4033151799
Opcode ID: 5f83e40caa69b874a9a459efd8226d3311df1bd2e65d0d979f4e1ae9355de218
Instruction ID: b7a2159b13c46c75fab1af083336a0b80c41af09af43fa61280a40298212110e
Opcode Fuzzy Hash: 5f83e40caa69b874a9a459efd8226d3311df1bd2e65d0d979f4e1ae9355de218
Instruction Fuzzy Hash: 1FD01775924733CFD7209F75C809A8776E9EF89356F11CC3EA98AD6150E6B0D8A0CA50

Function 009390E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000001,00938CF4,?,0094F910), ref: 009390EE
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00939100

Strings

kernel32.dll, xrefs: 009390E9
GetModuleHandleExW, xrefs: 009390FA

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 2574300362-199464113
Opcode ID: 72d18ed3bf1c36d838dc72cafb0ccf8b97185aa4f3547a04f9382ef02eea98f4
Instruction ID: 5efa66fb2a3cb3b6f4b295684fccb7debdb04567a4c4511e09c1e52f1fffda17
Opcode Fuzzy Hash: 72d18ed3bf1c36d838dc72cafb0ccf8b97185aa4f3547a04f9382ef02eea98f4
Instruction Fuzzy Hash: 2ED0127556C713CFD7209F71D82CA0776D8AF06355F11C839D485D6650E6B0C880CA90

Function 00901714 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00901718
__swprintf.LIBCMT ref: 00901749

Strings

%.3d, xrefs: 00901723
WIN_XPe, xrefs: 00901788

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LocalTime__swprintf
String ID: %.3d$WIN_XPe
API String ID: 2070861257-2409531811
Opcode ID: 3f8e9fc46886fcfc1510d60c289dbe75672e584d990076bc160a3f9cd0d7e50b
Instruction ID: 8211f87d2ba496343012d48a2b5cb1d573b0fc0d2ac00e5d1ec145a55dc2faf7
Opcode Fuzzy Hash: 3f8e9fc46886fcfc1510d60c289dbe75672e584d990076bc160a3f9cd0d7e50b
Instruction Fuzzy Hash: 53D01772848109EFCB049B909888CB973BCFB19311F540862F406E2080E239CB94EA22

Function 0091717D Relevance: 6.3, APIs: 4, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9a626bdef1d65a58f92ada642c49b1afb9bec4050c0f2ec1efd2c58024f34f6
Instruction ID: 0c1d9da19b6148c62f733afafd9a0795860dd92d69f29ba3ddfd424bd551f70e
Opcode Fuzzy Hash: d9a626bdef1d65a58f92ada642c49b1afb9bec4050c0f2ec1efd2c58024f34f6
Instruction Fuzzy Hash: DAC11C75B0421AEFCB14CF94C884AAEFBB9FF48714B158998E815DB261D730DD81DB90

Function 0093E02A Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 0093E0BE
CharLowerBuffW.USER32(?,?), ref: 0093E101

Part of subcall function 0093D7A5: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0093D7C5

VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0093E301
_memmove.LIBCMT ref: 0093E314

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: BuffCharLower$AllocVirtual_memmove
String ID:
API String ID: 3659485706-0
Opcode ID: 1e75384f235bf09e34bed7b616bb0cb76af537cec24b03447c1bfeebacb4cb4a
Instruction ID: 80199e6f4f1e62c799268c998953d2b687c17a937823671d94f3fd22e50fa65f
Opcode Fuzzy Hash: 1e75384f235bf09e34bed7b616bb0cb76af537cec24b03447c1bfeebacb4cb4a
Instruction Fuzzy Hash: 65C10271A083019FC714DF68C480A6ABBE4FF89714F14896EF8999B391D771E946CF82

Function 00938093 Relevance: 6.3, APIs: 4, Instructions: 267COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 009380C3
CoUninitialize.OLE32 ref: 009380CE

Part of subcall function 0091D56C: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0091D5D4

VariantInit.OLEAUT32(?), ref: 009380D9
VariantClear.OLEAUT32(?), ref: 009383AA

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
String ID:
API String ID: 780911581-0
Opcode ID: 27b83508e6dc141ec4084a5eca5566c046936728b46078a5e6f9ec4a14cc6a12
Instruction ID: 93a4c1ec3f7991b134281415e05c1ac644a93cb826e87accfa6f39d7e1915cf5
Opcode Fuzzy Hash: 27b83508e6dc141ec4084a5eca5566c046936728b46078a5e6f9ec4a14cc6a12
Instruction Fuzzy Hash: 4CA100756047019FCB00DF68C885B2AB7E4FF89764F148858F99A9B3A1CB34ED45CB82

Function 00917530 Relevance: 6.2, APIs: 4, Instructions: 231COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00952C7C,?), ref: 009176EA
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00952C7C,?), ref: 00917702
CLSIDFromProgID.OLE32(?,?,00000000,0094FB80,000000FF,?,00000000,00000800,00000000,?,00952C7C,?), ref: 00917727
_memcmp.LIBCMT ref: 00917748

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 01c9fcc83ed37d8114b022d62cf02c2566f5e70882509b44cad90b6981bc4baf
Instruction ID: ddbf58e48d75ad1b6bb8d14f5af90b4d55b66b217554f53bd4c21c5c953fd7dd
Opcode Fuzzy Hash: 01c9fcc83ed37d8114b022d62cf02c2566f5e70882509b44cad90b6981bc4baf
Instruction Fuzzy Hash: F681DC75A0010AEFCB04DFE4C984EEEB7B9FF89315F204558E506AB250DB71AE46CB61

Function 0091687D Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 0091688E
SysAllocString.OLEAUT32(00000000), ref: 00916937
VariantCopy.OLEAUT32 ref: 00916966
VariantClear.OLEAUT32(?), ref: 0091698D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: bfcfdb421a565b60818a6b494aa77040a0711c9af894be5124bc99d881747219
Instruction ID: 1f89c75aa0aafb8f2ed716bfa3e9611c995da0ab46050129b5907369339d5c0c
Opcode Fuzzy Hash: bfcfdb421a565b60818a6b494aa77040a0711c9af894be5124bc99d881747219
Instruction Fuzzy Hash: 8C51C674B0430A9BCB24AF69D895BBAB7E9EF45310F20DC1FE596DB291DA74D8C08701

Function 009497F4 Relevance: 6.1, APIs: 4, Instructions: 140COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(0118E728,?), ref: 00949863
ScreenToClient.USER32(00000002,00000002), ref: 00949896
MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 00949903

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$ClientMoveRectScreen
String ID:
API String ID: 3880355969-0
Opcode ID: b758cb63ccd4ead3587242adcee5b4442bf63ebb5fd5d8caae630495d0d7cd57
Instruction ID: fb6056b9fc5ca4ba2f1193fcad6f62e9a5a08f70767b6f196528dbf2fc0de7f1
Opcode Fuzzy Hash: b758cb63ccd4ead3587242adcee5b4442bf63ebb5fd5d8caae630495d0d7cd57
Instruction Fuzzy Hash: B6511C34A00209EFCF14DF68C884EAE7BB9FB56360F148159F8559B3A0D731AD41DB90

Function 00919A80 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00919AD2
__itow.LIBCMT ref: 00919B03

Part of subcall function 00919D53: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00919DBE

SendMessageW.USER32(?,0000110A,00000001,?), ref: 00919B6C
__itow.LIBCMT ref: 00919BC3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend$__itow
String ID:
API String ID: 3379773720-0
Opcode ID: 2bca605fd1321c8cd5af5f759f8969f8b7e43e831776a6d898aaa90f19e077fd
Instruction ID: 12b315c12159a7991587dfce43f291d6bbf49c308e528391f0303c13a6b2ed90
Opcode Fuzzy Hash: 2bca605fd1321c8cd5af5f759f8969f8b7e43e831776a6d898aaa90f19e077fd
Instruction Fuzzy Hash: 5041B174A0420DABDF11EF58D855FEE7BB9EF45724F000069F905A7291DB709E88CB62

Function 009369AA Relevance: 6.1, APIs: 4, Instructions: 127networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 009369D1
WSAGetLastError.WSOCK32(00000000), ref: 009369E1

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00936A45
WSAGetLastError.WSOCK32(00000000), ref: 00936A51

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorLast$__itow__swprintfsocket
String ID:
API String ID: 2214342067-0
Opcode ID: 85276c0f4170e2a2da54cfe22714b86d048ecf20270f5af9c9986b024cf6b40f
Instruction ID: bb70abb4b71df93911584b3cabf5282452cc66af051477025717408af1d680a2
Opcode Fuzzy Hash: 85276c0f4170e2a2da54cfe22714b86d048ecf20270f5af9c9986b024cf6b40f
Instruction Fuzzy Hash: A7416375740200AFEB50AF28CC86F6A77A8EB45B14F04C46CFA59DF2D2DA74DD008B52

Function 0093641A Relevance: 6.1, APIs: 4, Instructions: 116COMMON

Download Yara Rule

APIs

#16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,0094F910), ref: 009364A7
_strlen.LIBCMT ref: 009364D9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: a1de6dd03b560dc84d728d02442a4a3b9a87fec851e832e64d0fbc9c9e7d93f4
Instruction ID: 08532892498021dcc12b7255e0f62302783d1d0c2ec25feb2be18ae98c6ea23c
Opcode Fuzzy Hash: a1de6dd03b560dc84d728d02442a4a3b9a87fec851e832e64d0fbc9c9e7d93f4
Instruction Fuzzy Hash: 2C419331A00114ABCB14EBA8EC95FAEB7B9FF44310F108169F91AD7292DB30ED44CB51

Function 0092B7F4 Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON

Download Yara Rule

APIs

CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0092B89E
GetLastError.KERNEL32(?,00000000), ref: 0092B8C4
DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0092B8E9
CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0092B915

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateHardLink$DeleteErrorFileLast
String ID:
API String ID: 3321077145-0
Opcode ID: d2fbec5746004f63027c11c6884ffdb108ed35b8bc3bb1ea5ec905d732f3d911
Instruction ID: c7efa577e2fa137fe771013ac63b9d89d5de8121cdb6e86bb49298d5a791fea9
Opcode Fuzzy Hash: d2fbec5746004f63027c11c6884ffdb108ed35b8bc3bb1ea5ec905d732f3d911
Instruction Fuzzy Hash: 1341F639600511DFCB11EF19C598A59BBF5FF4A714F098098EC8A9B362CB30ED41DB92

Function 00948851 Relevance: 6.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009488DE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: cd07fbde68a8ef2fe5d8758c7a801d97f05a8c6f9b8da1bf7ecdbd3d0ba69757
Instruction ID: a63852aefdba705ee0e4c4e03139894c5684bec447febc5ae694e4d3daedec33
Opcode Fuzzy Hash: cd07fbde68a8ef2fe5d8758c7a801d97f05a8c6f9b8da1bf7ecdbd3d0ba69757
Instruction Fuzzy Hash: AC310234614509BFEF249B28CC45FBE37A8FB0A350F944412FA21E62A0CE30E9809B53

Function 0094AB37 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 0094AB60
GetWindowRect.USER32(?,?), ref: 0094ABD6
PtInRect.USER32(?,?,0094C014), ref: 0094ABE6
MessageBeep.USER32(00000000), ref: 0094AC57

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: 964f9ecaf9230eb32950000d3e042ffed56fab78b6e7b288ff3136913978cbc7
Instruction ID: c3c2aa94b4d6a25541e09c03c25b8790033a8934fb5b4fde68da6974777ca4fc
Opcode Fuzzy Hash: 964f9ecaf9230eb32950000d3e042ffed56fab78b6e7b288ff3136913978cbc7
Instruction Fuzzy Hash: FC41A935A44219DFCB21CF58C8C4FA9BBF9FB49301F1984A9E894DF260D730A841DB92

Function 00920AD6 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00920B27
SetKeyboardState.USER32(00000080,?,00000001), ref: 00920B43
PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00920BA9
SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00920BFB

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 91eb55f96fcbade9ff8f18451459da487bab80aaa4f4ad8f0edf3afbc513235f
Instruction ID: e6eba7414e04061795f530387c1ec9a8ba567ea4e36cb4379f45e47a46a5a466
Opcode Fuzzy Hash: 91eb55f96fcbade9ff8f18451459da487bab80aaa4f4ad8f0edf3afbc513235f
Instruction Fuzzy Hash: 4B315A70E4422CAEFF308B25AC05BFEBBADABC5314F04426AF491521DBC37889919761

Function 00920C11 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,7694C0D0,?,00008000), ref: 00920C66
SetKeyboardState.USER32(00000080,?,00008000), ref: 00920C82
PostMessageW.USER32(00000000,00000101,00000000), ref: 00920CE1
SendInput.USER32(00000001,?,0000001C,7694C0D0,?,00008000), ref: 00920D33

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 1c04b16f4423611ada643b770d5c439cc62ecfc8be1f0f30764d970ebd529cbd
Instruction ID: 9f53e3a9b3ae13c3a5272cd181a424e3bceb4ff0779c22901fc59da707c262d8
Opcode Fuzzy Hash: 1c04b16f4423611ada643b770d5c439cc62ecfc8be1f0f30764d970ebd529cbd
Instruction Fuzzy Hash: 273158B0A0432CAEFF34CB64AC14BFEBB6AABC5310F04471AE4C1521D6C3799995D7A1

Function 008F61C5 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 008F61FB
__isleadbyte_l.LIBCMT ref: 008F6229
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 008F6257
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 008F628D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 3bb6295d633cd5f18b47b5bf3906aa831fa00722c476c30bb01aeadfe764e40e
Instruction ID: fce1021b1255579135504f0249a3c4f17dafbf9a092c1591e737b16f86193aea
Opcode Fuzzy Hash: 3bb6295d633cd5f18b47b5bf3906aa831fa00722c476c30bb01aeadfe764e40e
Instruction Fuzzy Hash: 5731AE3160424AAFDB218F75CC44BBA7BB9FF42310F154229E964D71A1F731E9A0DB90

Function 00944EEE Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00944F02

Part of subcall function 00923641: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0092365B
Part of subcall function 00923641: GetCurrentThreadId.KERNEL32 ref: 00923662
Part of subcall function 00923641: AttachThreadInput.USER32(00000000,?,00925005), ref: 00923669

GetCaretPos.USER32(?), ref: 00944F13
ClientToScreen.USER32(00000000,?), ref: 00944F4E
GetForegroundWindow.USER32 ref: 00944F54

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: 08c8af38c55d68069d53d1f670739b00453af66edca3a00b661896cf5bc351d6
Instruction ID: 08b5ab2f70b3bcb4854107310a62ec894fb8c62f38e34fcfd6d1e85ffdd0a638
Opcode Fuzzy Hash: 08c8af38c55d68069d53d1f670739b00453af66edca3a00b661896cf5bc351d6
Instruction Fuzzy Hash: 6F312E71D00108AFDB10EFA9C885EEFB7FDEF95300F10406AE455E7201DA759E058BA1

Function 00923C55 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00923C7A
Process32FirstW.KERNEL32(00000000,?), ref: 00923C88
Process32NextW.KERNEL32(00000000,?), ref: 00923CA8
CloseHandle.KERNEL32(00000000), ref: 00923D52

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: b65b6a08fc3c279ce3e7c274d318a6e782468947eab1846fa1afc4e8a830edff
Instruction ID: 0df9ffe39a66774518a767eca8d83a2a1f216b3e9f4769a61cf77710ff3f89f2
Opcode Fuzzy Hash: b65b6a08fc3c279ce3e7c274d318a6e782468947eab1846fa1afc4e8a830edff
Instruction Fuzzy Hash: 62316F311082059BD300EF54E891EAABBF8FF99354F50082DF582861A1EB71EA49CB53

Function 0094C498 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

GetCursorPos.USER32(?), ref: 0094C4D2
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,008FB9AB,?,?,?,?,?), ref: 0094C4E7
GetCursorPos.USER32(?), ref: 0094C534
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,008FB9AB,?,?,?), ref: 0094C56E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 2d13a4025f89687a87bca4dde62bdae305e4a8bd85ab8a7729441419a6ba0e27
Instruction ID: 84a831fb36b88e0ef01517eff1b47cc849e0e9adf01344c8f602ea342ad6d80b
Opcode Fuzzy Hash: 2d13a4025f89687a87bca4dde62bdae305e4a8bd85ab8a7729441419a6ba0e27
Instruction Fuzzy Hash: 1A31A075605018AFCB65CF58C858EFE7BB9FB09350F044169F9058B261C731AD50EBA4

Function 00918656 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0091810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00918121
Part of subcall function 0091810A: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0091812B
Part of subcall function 0091810A: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0091813A
Part of subcall function 0091810A: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00918141
Part of subcall function 0091810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00918157

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 009186A3
_memcmp.LIBCMT ref: 009186C6
GetProcessHeap.KERNEL32(00000000,00000000), ref: 009186FC
HeapFree.KERNEL32(00000000), ref: 00918703

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: 7c3918d0319c6f321958077ae2d9400637adc62755b46a76488122f1dd0a5ed4
Instruction ID: 192ac8da43e4fc2f052785b2627f33224759212b1f5264ec58c87cdb91624fa2
Opcode Fuzzy Hash: 7c3918d0319c6f321958077ae2d9400637adc62755b46a76488122f1dd0a5ed4
Instruction Fuzzy Hash: C8218C72E04109EFDB10DFA8C959BEFB7B8EF45344F154059E444AB240DB31AE45EB90

Function 008E098C Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

__setmode.LIBCMT ref: 008E09AE

Part of subcall function 008C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00927896,?,?,00000000), ref: 008C5A2C
Part of subcall function 008C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00927896,?,?,00000000,?,?), ref: 008C5A50

_fprintf.LIBCMT ref: 008E09E5
OutputDebugStringW.KERNEL32(?), ref: 00915DBB

Part of subcall function 008E4AAA: _flsall.LIBCMT ref: 008E4AC3

__setmode.LIBCMT ref: 008E0A1A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
String ID:
API String ID: 521402451-0
Opcode ID: a5ba3692c5581db1bbf2f79f56e0d94225d30989fcfaecee63f227981f946000
Instruction ID: 38e9d476b736880c0b033fc6afe4430b7f9de209a70b1ec5b87ca9af526bb312
Opcode Fuzzy Hash: a5ba3692c5581db1bbf2f79f56e0d94225d30989fcfaecee63f227981f946000
Instruction Fuzzy Hash: 8A115B315041586FDB04B6BAAC46EBE776CFF87320F100069F119D71C2EE7058855792

Function 00931767 Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 009317A3

Part of subcall function 0093182D: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0093184C
Part of subcall function 0093182D: InternetCloseHandle.WININET(00000000), ref: 009318E9

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Internet$CloseConnectHandleOpen
String ID:
API String ID: 1463438336-0
Opcode ID: 6f29e0e3936b65bc2ddcbada93a53a24adf9c6af9f6f720a5be630345495c851
Instruction ID: 7993752105030dce2cd9c7eef088c6a1d7f7fe881d65f4090497790f6b288fd0
Opcode Fuzzy Hash: 6f29e0e3936b65bc2ddcbada93a53a24adf9c6af9f6f720a5be630345495c851
Instruction Fuzzy Hash: 8A21F036204601BFEB169F60CC01FBBBBADFF89710F14442AFA1596660DB75D811AFA4

Function 00923A2A Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,0094FAC0), ref: 00923A64
GetLastError.KERNEL32 ref: 00923A73
CreateDirectoryW.KERNEL32(?,00000000), ref: 00923A82
CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0094FAC0), ref: 00923ADF

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CreateDirectory$AttributesErrorFileLast
String ID:
API String ID: 2267087916-0
Opcode ID: 62fda97dc44ddb93d4de28b16ad41dbfcf8c10a03381d41f6eea8698e7f4d26b
Instruction ID: b6cc5e28a45ff66af7f8e555a842742ff4b706502da15364d7c4858119dd6374
Opcode Fuzzy Hash: 62fda97dc44ddb93d4de28b16ad41dbfcf8c10a03381d41f6eea8698e7f4d26b
Instruction Fuzzy Hash: 422186745082129F8710DF28E891D6B77E8FF55364F108A2DF499C72A1D735DE46CB42

Function 0091DCBE Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0091F0BC: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,0091DCD3,?,?,?,0091EAC6,00000000,000000EF,00000119,?,?), ref: 0091F0CB
Part of subcall function 0091F0BC: lstrcpyW.KERNEL32(00000000,?,?,0091DCD3,?,?,?,0091EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0091F0F1
Part of subcall function 0091F0BC: lstrcmpiW.KERNEL32(00000000,?,0091DCD3,?,?,?,0091EAC6,00000000,000000EF,00000119,?,?), ref: 0091F122

lstrlenW.KERNEL32(?,00000002,?,?,?,?,0091EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0091DCEC
lstrcpyW.KERNEL32(00000000,?,?,0091EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0091DD12
lstrcmpiW.KERNEL32(00000002,cdecl,?,0091EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0091DD46

Strings

cdecl, xrefs: 0091DD3D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 0ed94071c2046cfdcb0f455dbc40aaac8c4f8be8aaaa2feee8422bbf8de27cb1
Instruction ID: 0075fada4b398afcfc86c0d4ec36e1b582e63aebd0e9e32bdfb725afcb0aea95
Opcode Fuzzy Hash: 0ed94071c2046cfdcb0f455dbc40aaac8c4f8be8aaaa2feee8422bbf8de27cb1
Instruction Fuzzy Hash: 9411B13A300309EFCB259F74D845DBA77A9FF46350B40852AF806CB2A0EB719880D791

Function 008F50E2 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 008F5101

Part of subcall function 008E571C: __FF_MSGBANNER.LIBCMT ref: 008E5733
Part of subcall function 008E571C: __NMSG_WRITE.LIBCMT ref: 008E573A
Part of subcall function 008E571C: RtlAllocateHeap.NTDLL(01170000,00000000,00000001,00000000,?,?,?,008E0DD3,?), ref: 008E575F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 3d79475c050927ee6ef8c37daa0a6f21cabe8b2482df9d35f071a6f030d8bdf8
Instruction ID: 7973e3fd67ce07e9ce102a3402aca361e2641ee7bdca7cedbdeae7d7caf63f81
Opcode Fuzzy Hash: 3d79475c050927ee6ef8c37daa0a6f21cabe8b2482df9d35f071a6f030d8bdf8
Instruction Fuzzy Hash: 0711E372504A1AAECB312FB9AC05B7E3798FB423A1F104529FB08D6251DF3098809791

Function 00936369 Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON

Download Yara Rule

APIs

Part of subcall function 008C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00927896,?,?,00000000), ref: 008C5A2C
Part of subcall function 008C5A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00927896,?,?,00000000,?,?), ref: 008C5A50

gethostbyname.WSOCK32(?,?,?), ref: 00936399
WSAGetLastError.WSOCK32(00000000), ref: 009363A4
_memmove.LIBCMT ref: 009363D1
inet_ntoa.WSOCK32(?), ref: 009363DC

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
String ID:
API String ID: 1504782959-0
Opcode ID: a31ed3a910ef64d94650ebc6b74ee66c1fcd80b3aeee60ce2f66ff5459da0d7b
Instruction ID: 6b61916b32753ca67a8ca022fc0535bd70bb79a98467cb08e44a97807d64ccb0
Opcode Fuzzy Hash: a31ed3a910ef64d94650ebc6b74ee66c1fcd80b3aeee60ce2f66ff5459da0d7b
Instruction Fuzzy Hash: 29117F36500109AFCF04EBA8D956DAEB7B8FF49310B004069F506E7261DB30EE04DB62

Function 00918B41 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00918B61
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00918B73
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00918B89
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00918BA4

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 646f7cdad13b49067cb2fc978f184d83f02bea37815c4bec408441c0870a0f04
Instruction ID: 35143ae75243c2ddcc795de7a66db402737e9477186f908591f86f01d63adee5
Opcode Fuzzy Hash: 646f7cdad13b49067cb2fc978f184d83f02bea37815c4bec408441c0870a0f04
Instruction Fuzzy Hash: 75113A79A41218BFDB10DB95C884FAEBB78EB48310F2040A5E900B7250DA716E50EB94

Function 008C1290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 008C2612: GetWindowLongW.USER32(?,000000EB), ref: 008C2623

DefDlgProcW.USER32(?,00000020,?), ref: 008C12D8
GetClientRect.USER32(?,?), ref: 008FB5FB
GetCursorPos.USER32(?), ref: 008FB605
ScreenToClient.USER32(?,?), ref: 008FB610

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: f930a3448216f34f8bd5acd5f4dda911f7581267770dd9bd8aa3de194941e2ee
Instruction ID: 14b937a68ffe4db1c1049da05ce5d132957e676120d1f7eed8226e105b762674
Opcode Fuzzy Hash: f930a3448216f34f8bd5acd5f4dda911f7581267770dd9bd8aa3de194941e2ee
Instruction Fuzzy Hash: CC11283951401EAFDF10EFA8D899EBEB7B8FB06301F40045AF901E7241C730EA559BA6

Function 00921142 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0091FCED,?,00920D40,?,00008000), ref: 0092115F
Sleep.KERNEL32(00000000,?,?,?,?,?,?,0091FCED,?,00920D40,?,00008000), ref: 00921184
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0091FCED,?,00920D40,?,00008000), ref: 0092118E
Sleep.KERNEL32(?,?,?,?,?,?,?,0091FCED,?,00920D40,?,00008000), ref: 009211C1

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: de170e696bbaaf3c925f3914c8355884e9600996033bd72e89f39f698fc147f3
Instruction ID: 537e952427c259662aafbb8080e20111eca6001d7eb48e71b4f154b9f364e858
Opcode Fuzzy Hash: de170e696bbaaf3c925f3914c8355884e9600996033bd72e89f39f698fc147f3
Instruction Fuzzy Hash: 7B117035C0852DDBCF009FA5E884AEEBBB8FF19711F004455EA44B2245CB7055B0DB92

Function 0091D831 Relevance: 6.0, APIs: 4, Instructions: 50registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 0091D84D
LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 0091D864
RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0091D879
RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 0091D897

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: fc4f1f7d3d2c84f763fa5ea5eb401c50bab95e64dc2ab080b2235028a451cac5
Instruction ID: f63a0bd3a790ad9b46678f967894c982215f6767c3acc225673a4f68284d3440
Opcode Fuzzy Hash: fc4f1f7d3d2c84f763fa5ea5eb401c50bab95e64dc2ab080b2235028a451cac5
Instruction Fuzzy Hash: B8116175706309DBE3208F50DC0CFD3BBBCEB00B10F1089A9A916D6050D7B4E689ABA1

Function 008F6FB7 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 008F6FDB

Part of subcall function 008F76C2: __fltout2.LIBCMT ref: 008F76EB

__cftog_l.LIBCMT ref: 008F7001
__cftoe_l.LIBCMT ref: 008F7033

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: d0c66bd6d00314575022efaf070e0a53988f5f58cfab7e77fc47cfd675b8922f
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: 8D017B3244854EBBDF125EA8DC01CEE3F62FF68354B588415FB1898030D636C9B1AB81

Function 0094B2C5 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 0094B2E4
ScreenToClient.USER32(?,?), ref: 0094B2FC
ScreenToClient.USER32(?,?), ref: 0094B320
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 0094B33B

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: 0c556032bda8298c05e600479ca53301396c68547b3aa01f65f49fbf3631bde5
Instruction ID: e661a09802234dfab06ebc174511d9a2a1bfd27fc24a473dd5101592741e3ec2
Opcode Fuzzy Hash: 0c556032bda8298c05e600479ca53301396c68547b3aa01f65f49fbf3631bde5
Instruction Fuzzy Hash: 04114679D0420EEFDB41CF99D4449EEBBF9FB09310F104166E914E3220D735AA659F50

Function 0094B635 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0094B644
_memset.LIBCMT ref: 0094B653
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00986F20,00986F64), ref: 0094B682
CloseHandle.KERNEL32 ref: 0094B694

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _memset$CloseCreateHandleProcess
String ID:
API String ID: 3277943733-0
Opcode ID: f51754ca3a27195a63d0d18222f025519abeac3faae1a27021c5c5139406a7a7
Instruction ID: a68b51aebd6dc1153cf2a7547b35aa7bdfcf43688553084c9a3865a3ec82710a
Opcode Fuzzy Hash: f51754ca3a27195a63d0d18222f025519abeac3faae1a27021c5c5139406a7a7
Instruction Fuzzy Hash: ACF012B2654304BBE3102B65BC06FBB7E9CEB09795F404021FB08EA292D775DC1097A9

Function 00926BDA Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 00926BE6

Part of subcall function 009276C4: _memset.LIBCMT ref: 009276F9

_memmove.LIBCMT ref: 00926C09
_memset.LIBCMT ref: 00926C16
LeaveCriticalSection.KERNEL32(?), ref: 00926C26

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CriticalSection_memset$EnterLeave_memmove
String ID:
API String ID: 48991266-0
Opcode ID: 602ec49a7a56cf3dd75ed83a531f0d1b96fad5ce867a0c82c18db9e77c61f4ac
Instruction ID: 0e8038ad7bc4d2d9ed058487673f15b32161b8a5397e82f9f5169b4cfd2ae417
Opcode Fuzzy Hash: 602ec49a7a56cf3dd75ed83a531f0d1b96fad5ce867a0c82c18db9e77c61f4ac
Instruction Fuzzy Hash: 59F0543A204114ABCF016F95EC85E4ABB29EF46320F048065FE089E227C771E811DBB5

Function 008C2218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 008C2231
SetTextColor.GDI32(?,000000FF), ref: 008C223B
SetBkMode.GDI32(?,00000001), ref: 008C2250
GetStockObject.GDI32(00000005), ref: 008C2258
GetWindowDC.USER32(?,00000000), ref: 008FBE83
GetPixel.GDI32(00000000,00000000,00000000), ref: 008FBE90
GetPixel.GDI32(00000000,?,00000000), ref: 008FBEA9
GetPixel.GDI32(00000000,00000000,?), ref: 008FBEC2
GetPixel.GDI32(00000000,?,?), ref: 008FBEE2
ReleaseDC.USER32(?,00000000), ref: 008FBEED

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
String ID:
API String ID: 1946975507-0
Opcode ID: f8044f3bcdd69ce0bb427450e0300f4b04f698bb64264b2db440da8b665c62b9
Instruction ID: a4dc04276d58f8efb7a651e7a1691dae9ab2e8731a6e71d08cf4af9d292e6716
Opcode Fuzzy Hash: f8044f3bcdd69ce0bb427450e0300f4b04f698bb64264b2db440da8b665c62b9
Instruction Fuzzy Hash: 76E03036118145EADF215F64EC0DBE83B10EB0A336F008366FA69980E187714590EB11

Function 00918712 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 0091871B
OpenThreadToken.ADVAPI32(00000000,?,?,?,009182E6), ref: 00918722
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,009182E6), ref: 0091872F
OpenProcessToken.ADVAPI32(00000000,?,?,?,009182E6), ref: 00918736

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: 218b65b902ca20a4ca343aec0cd59bafd72c8795331d17cf70cb6dfe630783a6
Instruction ID: 419f3f88eb5d29a0a603c615c42f0bee741fb372cd5377d9dc86e75a1d3518f0
Opcode Fuzzy Hash: 218b65b902ca20a4ca343aec0cd59bafd72c8795331d17cf70cb6dfe630783a6
Instruction Fuzzy Hash: 58E0863A7292129BD7205FB05D0CF9B3BACEF527D1F144828B245D9080DA348485E750

Function 008E5DAC Relevance: 6.0, APIs: 4, Instructions: 14threadCOMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 008E5DAD

Part of subcall function 008E99C4: GetLastError.KERNEL32(00000000,008E0DD3,008E8B2D,008E57A3,?,?,008E0DD3,?), ref: 008E99C6
Part of subcall function 008E99C4: __calloc_crt.LIBCMT ref: 008E99E7
Part of subcall function 008E99C4: __initptd.LIBCMT ref: 008E9A09
Part of subcall function 008E99C4: GetCurrentThreadId.KERNEL32 ref: 008E9A10
Part of subcall function 008E99C4: SetLastError.KERNEL32(00000000,008E0DD3,?), ref: 008E9A28

CloseHandle.KERNEL32(?,?,008E5D8C), ref: 008E5DC1
__freeptd.LIBCMT ref: 008E5DC8
ExitThread.KERNEL32 ref: 008E5DD0

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ErrorLastThread$CloseCurrentExitHandle__calloc_crt__freeptd__getptd_noexit__initptd
String ID:
API String ID: 4169687693-0
Opcode ID: 77a3ac6e7f91a07cb73ff4a4200c9cea05246c9dc21d35ac8765bb477115e19d
Instruction ID: 7357c9eddbf91f107f63b2d1636307255ba06421a1184a776746cc458551dd4e
Opcode Fuzzy Hash: 77a3ac6e7f91a07cb73ff4a4200c9cea05246c9dc21d35ac8765bb477115e19d
Instruction Fuzzy Hash: 04D0A731101F5167C2323B758C1DA293790FF03BA5B048228F4A5C51F19B6058028642

Function 0091B2F3 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 241comCOMMON

Download Yara Rule

APIs

OleSetContainedObject.OLE32(?,00000001), ref: 0091B4BE

Strings

Container, xrefs: 0091B43B
AutoIt3GUI, xrefs: 0091B436

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ContainedObject
String ID: AutoIt3GUI$Container
API String ID: 3565006973-3941886329
Opcode ID: 05309850a4fb767558819f28311d3d0a0c36feb1490d8d81ade448a45d35f39a
Instruction ID: b1004ca3d725ccecc1bec74dafc1816a12b0cf917fe111f59e25c53a1cb94ae0
Opcode Fuzzy Hash: 05309850a4fb767558819f28311d3d0a0c36feb1490d8d81ade448a45d35f39a
Instruction Fuzzy Hash: 979139713006059FDB14DF69C884BAAB7EAFF49710F24856DF94ACB2A1DB70E881CB50

Function 0092AFAC Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON

Download Yara Rule

APIs

Part of subcall function 008DFC86: _wcscpy.LIBCMT ref: 008DFCA9

Part of subcall function 008C9837: __itow.LIBCMT ref: 008C9862
Part of subcall function 008C9837: __swprintf.LIBCMT ref: 008C98AC

__wcsnicmp.LIBCMT ref: 0092B02D
WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0092B0F6

Strings

LPT, xrefs: 0092B027

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
String ID: LPT
API String ID: 3222508074-1350329615
Opcode ID: 9657707466eb488ade63208748895a47644516312215aaefcf1928455f010529
Instruction ID: 609373afcc84417496926bd885e75d32f3aad49661a9bda53b8c7c0cce3ec07f
Opcode Fuzzy Hash: 9657707466eb488ade63208748895a47644516312215aaefcf1928455f010529
Instruction Fuzzy Hash: D661A171A04225AFCB14DF98D895EAEB7F8FF08710F1040A9F956AB295D730AE80CB51

Function 008D2957 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 008D2968
GlobalMemoryStatusEx.KERNEL32(?), ref: 008D2981

Strings

@, xrefs: 008D2975

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: a4857dc955974d1d959b906d8969574c4952473c829f2d41c8acf192830d0d51
Instruction ID: d49a3ec2b4efce029afd28ae156c072090a6de2eaaecbdfa1c9602b65b9c0357
Opcode Fuzzy Hash: a4857dc955974d1d959b906d8969574c4952473c829f2d41c8acf192830d0d51
Instruction Fuzzy Hash: 8B5134724187449BD320EF54D886BABBBF8FB85344F41885DF2D8821A1DB708529CB67

Function 00929734 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 008C4F0B: __fread_nolock.LIBCMT ref: 008C4F29

_wcscmp.LIBCMT ref: 00929824
_wcscmp.LIBCMT ref: 00929837

Strings

FILE, xrefs: 00929770

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: _wcscmp$__fread_nolock
String ID: FILE
API String ID: 4029003684-3121273764
Opcode ID: 627bbe924b3519e6d43baed518c2e0f38238ff63765964650dd0835cfd6ef590
Instruction ID: 8b6d7cd8060fffea5f4ba5ed06145f86b55db646687567454f5f6bd78bfd7c8e
Opcode Fuzzy Hash: 627bbe924b3519e6d43baed518c2e0f38238ff63765964650dd0835cfd6ef590
Instruction Fuzzy Hash: 5141D771A04219BADF209BA5DC45FEFBBBDEF86710F00046DF904E7185DA719A44CBA1

Function 0093258E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0093259E
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 009325D4

Strings

|, xrefs: 009325A5

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CrackInternet_memset
String ID: |
API String ID: 1413715105-2343686810
Opcode ID: 90c928ab18995a863e4dade7034d9d6a5a258cd1057b63e386501b1650fbb34f
Instruction ID: 5d8480bdaec9919032089830a7626647e3d92372ac22e211a0edced3aee64869
Opcode Fuzzy Hash: 90c928ab18995a863e4dade7034d9d6a5a258cd1057b63e386501b1650fbb34f
Instruction Fuzzy Hash: 5C31F671804119ABCF01AFA5CC86EEEBFB9FF08314F10005AF915A6162EA359956DF61

Function 00947A71 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001132,00000000,?), ref: 00947B61
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00947B76

Strings

', xrefs: 00947ACA

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: 63fe8946836b4bc7fe9e7deee51a047794eedb0dd74098ee24325c017459ae90
Instruction ID: 84cf5affbcbf68f6cb901b8e6199343fd5d27a6c6d889c93c19e007a6f7d12ae
Opcode Fuzzy Hash: 63fe8946836b4bc7fe9e7deee51a047794eedb0dd74098ee24325c017459ae90
Instruction Fuzzy Hash: 3341E774A0520E9FDB14CFA4C981FEABBB9FB09300F11456AE904EB391E770A955CF90

Function 00946A63 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00946B17
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00946B53

Strings

static, xrefs: 00946AB3

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: 9073681799b653243a3cc0005d75594a81fd80c29ba679926b14d606b70174ac
Instruction ID: 36a7bc697ebcdd351e07ce113d837e1714c1f5119cb7d856ef583657396c0378
Opcode Fuzzy Hash: 9073681799b653243a3cc0005d75594a81fd80c29ba679926b14d606b70174ac
Instruction Fuzzy Hash: 66317AB1210604AEEB109F68C880FFB77ADFF49764F108619F9A5D7190DA30AC91D761

Function 009228A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00922911
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0092294C

Strings

0, xrefs: 0092290A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 6ae85aa11bc6eb23208619ab6b660f9951d695c368467a902945b00f10ee2baa
Instruction ID: 9713eb592f40f06aeb8dda76fc277cfcf41867f5613ff40a7a18b0d604c7eb36
Opcode Fuzzy Hash: 6ae85aa11bc6eb23208619ab6b660f9951d695c368467a902945b00f10ee2baa
Instruction Fuzzy Hash: 7E31C539600315BBDB24CF58EA45BAEBBBCEF46350F140429ED85A62A4D7709984CB51

Function 009339E9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

__snwprintf.LIBCMT ref: 00933A66

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Strings

AUTOITCALLVARIABLE%d, xrefs: 00933A58
, $, xrefs: 00933AA6

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: __snwprintf_memmove
String ID: , $$AUTOITCALLVARIABLE%d
API String ID: 3506404897-2584243854
Opcode ID: 5db3016517f613ec77bc27d8231530397075ff4efef393cc028865d2ebec9a69
Instruction ID: 9cc408667cd6019123b8a0c29387d7a275264fefb2a16a41cb59ee2f8ffefe78
Opcode Fuzzy Hash: 5db3016517f613ec77bc27d8231530397075ff4efef393cc028865d2ebec9a69
Instruction Fuzzy Hash: 1F216F31A44219AACF10EF68CC86EAE77B9FF85710F508458F549EB181DB30EA45CF66

Function 009466D4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00946761
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0094676C

Strings

Combobox, xrefs: 0094672E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: e8a181eb642e76dfbc89f2311fd3ddb790e1bcbdc01ca260e1d8025bd0acc9b0
Instruction ID: 8ebee6d6fc1b515b5a6eaa3e5aea97a23d69085989c6a12ca00c73064a5a3b0e
Opcode Fuzzy Hash: e8a181eb642e76dfbc89f2311fd3ddb790e1bcbdc01ca260e1d8025bd0acc9b0
Instruction Fuzzy Hash: 5811BFB5210308AFEF218F54CC80EFB3B6EEB8A3A8F114129F91897290D635DC5187A1

Function 00946C07 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 008C1D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 008C1D73
Part of subcall function 008C1D35: GetStockObject.GDI32(00000011), ref: 008C1D87
Part of subcall function 008C1D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 008C1D91

GetWindowRect.USER32(00000000,?), ref: 00946C71
GetSysColor.USER32(00000012), ref: 00946C8B

Strings

static, xrefs: 00946C4E

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 1f54d94409064f3e24170f81c2f362b69a834d95c4ea3e7f001c73f330052d8e
Instruction ID: 4f5b4c01298d36e31745f85e295b7cc65e143030725b92d3bac81596e3e20587
Opcode Fuzzy Hash: 1f54d94409064f3e24170f81c2f362b69a834d95c4ea3e7f001c73f330052d8e
Instruction Fuzzy Hash: E72129B652020AAFDF04DFA8CC85EFA7BB8FB09315F014629FE95D2250D635E850DB61

Function 00946920 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 009469A2
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009469B1

Strings

edit, xrefs: 00946986

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 0955bee840408192c805a077fc550993d137c9b253128e1c06eb452fdb9e0125
Instruction ID: 23bf6383bd9fb8ccc640020652baa9a9aae1a434f2b49b29ad705b967954bb3d
Opcode Fuzzy Hash: 0955bee840408192c805a077fc550993d137c9b253128e1c06eb452fdb9e0125
Instruction Fuzzy Hash: F2118CB1110209ABEF108E64DC54EFB3BADEB063B8F504728F9A5971E0C7B5DC90A761

Function 009229AF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00922A22
GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00922A41

Strings

0, xrefs: 00922A18

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 92a9a499155806538bd832f3e061a32f690fe1342e1d8cd585b3f5f94c724c6c
Instruction ID: 0595e4b16addaf60ec609e28ca2f3d46f585fa6e47ca7a13d3be647bd535f254
Opcode Fuzzy Hash: 92a9a499155806538bd832f3e061a32f690fe1342e1d8cd585b3f5f94c724c6c
Instruction Fuzzy Hash: 98110432D15238BBCF34EB98EC44BAA73BCAB46300F054021E955EB2D4D770AE0AC791

Function 009321D6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0093222C
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00932255

Strings

<local>, xrefs: 0093221D

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: e44d6eb886c3b210fec8d7f7da485ff4dbd1fbd4233aeb877bd12497d21e761c
Instruction ID: a70d2f6a601711c2300828eca585503ffd0d62837b31fd7e32542de4514b04d7
Opcode Fuzzy Hash: e44d6eb886c3b210fec8d7f7da485ff4dbd1fbd4233aeb877bd12497d21e761c
Instruction Fuzzy Hash: F911E570545225BADB298F518C98EFBFFACFF16751F10862AF92546000D3746990DEF0

Function 00937D8B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00937FF6: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00937DB3,?,00000000,?,?), ref: 0093800D

inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00937DB6
htons.WSOCK32(00000000,?,00000000), ref: 00937DF3

Strings

255.255.255.255, xrefs: 00937DCE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ByteCharMultiWidehtonsinet_addr
String ID: 255.255.255.255
API String ID: 2496851823-2422070025
Opcode ID: ceefa9422f8710aea9f2fe7368fb395f4b645bebc92d53017ecc7a3c441002cd
Instruction ID: 363d93d73e0ab7b7d5a3fc8517c485a63e4ba6b5e31015498020ac259197deb2
Opcode Fuzzy Hash: ceefa9422f8710aea9f2fe7368fb395f4b645bebc92d53017ecc7a3c441002cd
Instruction Fuzzy Hash: 6E118275604209ABCB30AFA4DC86FBEF765FF44320F10495AE925972D1DA71A810CA91

Function 00918E05 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 0091AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0091AABC

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00918E73

Strings

ListBox, xrefs: 00918E3D
ComboBox, xrefs: 00918E12

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: c4d16b2db67e10bc69454b71bcc8fc70e8bfd8f69fbe5c62f1f95500d2f0242a
Instruction ID: 7cc838cfcef8122d38cd064c66b5ba017549b3cfd5adbd4ba6eff96b5df48c11
Opcode Fuzzy Hash: c4d16b2db67e10bc69454b71bcc8fc70e8bfd8f69fbe5c62f1f95500d2f0242a
Instruction Fuzzy Hash: 2E0141B170221DAB8F04FBA4CC41EFE7369FF46320F000A19F826A72E1DE319848D651

Function 00918CFD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 0091AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0091AABC

SendMessageW.USER32(?,00000180,00000000,?), ref: 00918D6B

Strings

ListBox, xrefs: 00918D35
ComboBox, xrefs: 00918D0A

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 7ed248a5ae0a534694cf361995837f1bc49559b339ec79493ba0476eaa488ee3
Instruction ID: 940d4cf49bf464e090e3e0cff841b4b37745e399e480f3ecdeb16f47ec6c4cad
Opcode Fuzzy Hash: 7ed248a5ae0a534694cf361995837f1bc49559b339ec79493ba0476eaa488ee3
Instruction Fuzzy Hash: CB01B1B5B4120DABCF14EBE4D952FFF77A8DF55340F100419B806A32D1DE249E48A662

Function 00918D82 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 008C7DE1: _memmove.LIBCMT ref: 008C7E22

Part of subcall function 0091AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0091AABC

SendMessageW.USER32(?,00000182,?,00000000), ref: 00918DEE

Strings

ListBox, xrefs: 00918DBA
ComboBox, xrefs: 00918D8F

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 9dc33650d23ed563de2d9acb41ad86e5bd4a547e7c45e0d977c19aa36b77555e
Instruction ID: a2cc630e9857849a061a30aa85f67862b94fcce708c03466d38b5f08cd2feb90
Opcode Fuzzy Hash: 9dc33650d23ed563de2d9acb41ad86e5bd4a547e7c45e0d977c19aa36b77555e
Instruction Fuzzy Hash: 8701F275B4120DA7DF10EAA8D982FFF77ACDF15340F104419B806A32D2DE259E48E672

Function 00924F28 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00924F46
_wcscmp.LIBCMT ref: 00924F58

Strings

#32770, xrefs: 00924F52

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: ClassName_wcscmp
String ID: #32770
API String ID: 2292705959-463685578
Opcode ID: ec1062e092f5140fe21e137918d66bd0368e5b8b1dec32e4dd85644a056f8eeb
Instruction ID: aeb7df2571659ee1394ee01fa190a0afbf7ddd85fdcd6d5c0e94e0de52f4ceb2
Opcode Fuzzy Hash: ec1062e092f5140fe21e137918d66bd0368e5b8b1dec32e4dd85644a056f8eeb
Instruction Fuzzy Hash: 80E092326042296AD7209A99AC49EA7F7ACEB85B60F000066FD04D7151D9609A458BE1

Function 008FB2C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 008FB314: _memset.LIBCMT ref: 008FB321

Part of subcall function 008E0940: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,008FB2F0,?,?,?,008C100A), ref: 008E0945

IsDebuggerPresent.KERNEL32(?,?,?,008C100A), ref: 008FB2F4
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,008C100A), ref: 008FB303

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008FB2FE

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 3158253471-631824599
Opcode ID: 32e9969bd61fd23cbe2902f5d567253834f7664ce1691b73359d2a0cc7a1a796
Instruction ID: 2905d967eb4d61c61f4cc94ee8a32910c76e087b1f9a3f9b88beae5851e5274a
Opcode Fuzzy Hash: 32e9969bd61fd23cbe2902f5d567253834f7664ce1691b73359d2a0cc7a1a796
Instruction Fuzzy Hash: B9E06D74614B028BD7219F78E4047527AE4FF00358F01893DE556C7341EBB5D448CBA1

Function 00917C74 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00917C82

Part of subcall function 008E3358: _doexit.LIBCMT ref: 008E3362

Strings

Error allocating memory., xrefs: 00917C7B
AutoIt, xrefs: 00917C76

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Message_doexit
String ID: AutoIt$Error allocating memory.
API String ID: 1993061046-4017498283
Opcode ID: 85fbb2a7dbeba51de92660f81bb9d44230f63d91c3ed317411335efe824d06ea
Instruction ID: 7139d64380519c1b4c0e70fda9e50fb850acd262094ee79256ff172210c8f645
Opcode Fuzzy Hash: 85fbb2a7dbeba51de92660f81bb9d44230f63d91c3ed317411335efe824d06ea
Instruction Fuzzy Hash: 4AD012323C835836D11532AAAC07FDA65489B06B56F044425BB48995D389D289C052E6

Function 00901935 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?), ref: 00901775

Part of subcall function 0093BFF0: LoadLibraryA.KERNEL32(kernel32.dll,?,0090195E,?), ref: 0093BFFE
Part of subcall function 0093BFF0: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0093C010

FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0090196D

Strings

WIN_XPe, xrefs: 00901788

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: Library$AddressDirectoryFreeLoadProcSystem
String ID: WIN_XPe
API String ID: 582185067-3257408948
Opcode ID: 5853044632372dd561b56aa0b95470b81a80ea6b7421e82a9ca7ce45f3426a18
Instruction ID: 1e273d841c1af480433dfc466349eadf381e27443d582e98de3489d3c1654c6e
Opcode Fuzzy Hash: 5853044632372dd561b56aa0b95470b81a80ea6b7421e82a9ca7ce45f3426a18
Instruction Fuzzy Hash: 16F0C271818109DFDB15DBA1CA98FECBBF8BB18305F64049AE102A61A0D7758F84EF61

Function 00945998 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 009459AE
PostMessageW.USER32(00000000), ref: 009459B5

Part of subcall function 00925244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 009252BC

Strings

Shell_TrayWnd, xrefs: 009459A7

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: 746f5e0a4bc37f96c4b0a22a48b45b013ab6775fdbd4bd341fc5f4d97db9b679
Instruction ID: 356a7a9277743c3dddb830cbb237a115da59d29c34e75bdbe821dd215feb5dc4
Opcode Fuzzy Hash: 746f5e0a4bc37f96c4b0a22a48b45b013ab6775fdbd4bd341fc5f4d97db9b679
Instruction Fuzzy Hash: 3CD012367D4312BBE764BB70AC1FFD76614BB45B50F010835B359EA1D4D9F0A800D654

Function 00945964 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0094596E
PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00945981

Part of subcall function 00925244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 009252BC

Strings

Shell_TrayWnd, xrefs: 00945967

Memory Dump Source

Source File: 00000000.00000002.2211396486.00000000008C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008C0000, based on PE: true

Associated: 00000000.00000002.2211378842.00000000008C0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.000000000094F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211456245.0000000000974000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211531605.000000000097E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2211556948.0000000000987000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8c0000_2XnMqJW0u1.jbxd

Similarity

API ID: FindMessagePostSleepWindow
String ID: Shell_TrayWnd
API String ID: 529655941-2988720461
Opcode ID: bd441170bd31526d6aedb1e0c863c00ebd3837e279576aefad4f00af35b8af47
Instruction ID: 03257feaf801be23ec7b310a6528dac6f1fc91352aa3562981bf9d2ac02bc8c8
Opcode Fuzzy Hash: bd441170bd31526d6aedb1e0c863c00ebd3837e279576aefad4f00af35b8af47
Instruction Fuzzy Hash: 1ED012367D8312B7E764BB70AC1FFE76A14BF41B50F010835B359AA1D4D9F09800D654

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 2XnMqJW0u1.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Xworm

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegSvcs.exe_a666021dc984861fc71dcf4d0549ad4bc6d7789_380355b3_169fe224-055a-41bf-bfbe-70fe38e4fde3\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERD8BB.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAC0.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAEF.tmp.xml

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegSvcs.exe.log

C:\Users\user\AppData\Local\Temp\Allene

C:\Users\user\AppData\Local\Temp\aut6222.tmp

C:\Users\user\AppData\Local\Temp\aut6F42.tmp

C:\Users\user\AppData\Local\Temp\autA9CA.tmp

C:\Users\user\AppData\Local\lustring\Esher.exe

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Esher.vbs

Windows Analysis Report
2XnMqJW0u1.exe

Function 008C3B3A Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153
windowCOMMON

Function 008C49A0 Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Function 008C4E89 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62
COMMON

Function 00929155 Relevance: 19.8, APIs: 13, Instructions: 322
fileCOMMON

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre