Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1565724
MD5:efd5937f50c21b5ce660d67f3f995821
SHA1:28c4a690949e1a798904c67a869e33ec0f70ba13
SHA256:5a09d23637929d77e9c04322d800690bc6e7272e0755843f387c37b99f452fb8
Tags:exeuser-Bitsight
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to capture screen (.Net source)
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 4464 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EFD5937F50C21B5CE660D67F3F995821)
    • schtasks.exe (PID: 4900 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 5324 cmdline: C:\Windows\system32\WerFault.exe -u -p 4464 -s 1548 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • github.exe (PID: 5332 cmdline: C:\Users\user\AppData\Roaming\github.exe MD5: EFD5937F50C21B5CE660D67F3F995821)
  • github.exe (PID: 3612 cmdline: C:\Users\user\AppData\Roaming\github.exe MD5: EFD5937F50C21B5CE660D67F3F995821)
  • github.exe (PID: 6288 cmdline: C:\Users\user\AppData\Roaming\github.exe MD5: EFD5937F50C21B5CE660D67F3F995821)
  • github.exe (PID: 4548 cmdline: C:\Users\user\AppData\Roaming\github.exe MD5: EFD5937F50C21B5CE660D67F3F995821)
  • github.exe (PID: 6048 cmdline: C:\Users\user\AppData\Roaming\github.exe MD5: EFD5937F50C21B5CE660D67F3F995821)
    • schtasks.exe (PID: 4500 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 2720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["179.43.171.209"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
file.exeJoeSecurity_XWormYara detected XWormJoe Security
    file.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0xb828:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0xb8c5:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0xb9da:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0xb664:$cnc4: POST / HTTP/1.1

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Roaming\github.exeJoeSecurity_XWormYara detected XWormJoe Security
      C:\Users\user\AppData\Roaming\github.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0xb828:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0xb8c5:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0xb9da:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0xb664:$cnc4: POST / HTTP/1.1

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
        • 0x7a28:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
        • 0x7ac5:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
        • 0x7bda:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
        • 0x7864:$cnc4: POST / HTTP/1.1
        0000000F.00000002.4134757107.0000000002571000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
          00000000.00000002.3233150482.00000000024A1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
            Process Memory Space: file.exe PID: 4464JoeSecurity_XWormYara detected XWormJoe Security
              Click to see the 1 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.file.exe.1f0000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                0.0.file.exe.1f0000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                • 0xb828:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                • 0xb8c5:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                • 0xb9da:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                • 0xb664:$cnc4: POST / HTTP/1.1

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Startup Folder File Write
                Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 4464, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnk
                Sigma detected: Suspicious Add Scheduled Task Parent
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\github.exe, ParentImage: C:\Users\user\AppData\Roaming\github.exe, ParentProcessId: 6048, ParentProcessName: github.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", ProcessId: 4500, ProcessName: schtasks.exe
                Sigma detected: Suspicious Schtasks From Env Var Folder
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 4464, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", ProcessId: 4900, ProcessName: schtasks.exe

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:50:12.564317+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:21.803302+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:23.014211+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:33.465699+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:43.918831+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:51.814724+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:54.432651+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:04.824542+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:09.654756+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:09.864173+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:10.454592+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:10.738647+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:15.060901+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:19.793422+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:21.812970+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:25.073709+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:25.200549+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:25.320839+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:25.527460+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:25.736397+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:26.067338+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:30.859539+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:31.070001+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:41.456528+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:41.666901+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:46.210378+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:47.435009+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:51.636877+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:51.850817+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:54.835154+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449822TCP
                2024-11-30T16:51:56.996773+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:57.207115+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:52:21.838590+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:52:32.711224+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:53:17.594430+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:53:21.847241+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:53:33.003664+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:53:46.931470+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:53:51.857063+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:54:01.603960+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:54:03.244083+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:50:12.643357+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:50:23.015820+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:50:33.468092+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:50:43.921384+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:50:54.434649+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:04.826643+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:09.662560+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:09.873575+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:10.456609+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:10.741862+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:15.063564+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:19.795772+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:25.606526+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:25.902700+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:26.185995+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:30.863516+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:31.071572+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:33.999086+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.122772+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.249174+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.370530+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.497285+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.624520+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.768811+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.892365+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.060270+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.185176+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.443452+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.563586+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.683837+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.795590+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.978074+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.098567+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.219877+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.344969+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.393729+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.513714+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.633903+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.754006+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.874148+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.962504+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.086777+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.208267+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.334509+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.464429+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.585171+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.626459+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.747918+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.957117+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.321395+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.441409+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.562931+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.688664+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.815602+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.177953+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.304771+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.430260+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.534450+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.910585+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.034305+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.154483+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.243128+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.382449+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.604633+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.835088+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.147414+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.273561+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.395553+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.460527+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:41.515632+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.636111+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.668482+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:41.761133+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.794146+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:41.881331+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.001428+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.126576+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.246928+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.459438+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.579948+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.700698+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.820724+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.940850+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.061075+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.206914+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.328303+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.448579+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.572661+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.693683+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.888243+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.010541+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.134515+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.255303+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.331991+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.452034+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.589044+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.709081+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.830251+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.950502+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.070585+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.286444+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.406517+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.530524+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.654666+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.776082+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.896245+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.198462+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.214458+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:46.319477+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.440258+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.561066+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.681137+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.898463+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.019175+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.139163+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.259201+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.379133+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.442462+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:47.602529+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.726321+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.846422+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.966450+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.034603+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.158550+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.299668+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.422516+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.543162+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.663722+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.784004+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.906496+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.041293+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.161507+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.282022+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.430464+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.694462+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.900716+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.080141+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.200432+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.320526+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.440778+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.560985+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.802832+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.922883+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.042943+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.163464+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.283428+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.403590+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.552115+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.638403+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:51.672816+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.799237+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.920598+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.042635+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.170469+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.508364+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.630146+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.839768+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.959862+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.107857+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.228054+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.348096+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.468395+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.588417+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.778822+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.899221+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.019388+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.140854+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.262283+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.456298+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.576467+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.696984+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.818226+010028529231Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:56.999543+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:51:57.209270+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                2024-11-30T16:53:17.613505+010028529231Malware Command and Control Activity Detected192.168.2.450015179.43.171.2097000TCP
                2024-11-30T16:53:33.053965+010028529231Malware Command and Control Activity Detected192.168.2.450015179.43.171.2097000TCP
                2024-11-30T16:53:46.933157+010028529231Malware Command and Control Activity Detected192.168.2.450015179.43.171.2097000TCP
                2024-11-30T16:54:01.606203+010028529231Malware Command and Control Activity Detected192.168.2.450015179.43.171.2097000TCP
                2024-11-30T16:54:03.244859+010028529231Malware Command and Control Activity Detected192.168.2.450015179.43.171.2097000TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:50:21.803302+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:50:51.814724+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:21.812970+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:51:51.850817+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:52:21.838590+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                2024-11-30T16:53:21.847241+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                2024-11-30T16:53:51.857063+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.450015TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:51:33.999086+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.122772+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.249174+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.370530+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.497285+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.624520+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.768811+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:34.892365+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.060270+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.185176+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.443452+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.563586+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.683837+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.795590+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:35.978074+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.098567+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.219877+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.344969+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.393729+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.513714+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.633903+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.754006+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.874148+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:36.962504+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.086777+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.208267+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.334509+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.464429+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.585171+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.626459+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.747918+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:37.957117+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.321395+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.441409+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.562931+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.688664+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:38.815602+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.177953+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.304771+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.430260+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.534450+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:39.910585+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.034305+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.154483+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.243128+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.382449+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.604633+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:40.835088+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.147414+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.273561+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.395553+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.515632+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.636111+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.761133+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:41.881331+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.001428+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.126576+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.246928+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.459438+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.579948+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.700698+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.820724+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:42.940850+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.061075+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.206914+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.328303+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.448579+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.572661+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.693683+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:43.888243+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.010541+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.134515+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.255303+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.331991+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.452034+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.589044+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.709081+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.830251+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:44.950502+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.070585+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.286444+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.406517+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.530524+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.654666+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.776082+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:45.896245+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.198462+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.319477+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.440258+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.561066+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.681137+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:46.898463+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.019175+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.139163+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.259201+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.379133+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.602529+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.726321+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.846422+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:47.966450+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.034603+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.158550+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.299668+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.422516+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.543162+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.663722+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.784004+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:48.906496+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.041293+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.161507+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.282022+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.430464+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.694462+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:49.900716+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.080141+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.200432+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.320526+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.440778+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.560985+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.802832+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:50.922883+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.042943+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.163464+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.283428+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.403590+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.552115+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.672816+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.799237+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:51.920598+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.042635+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.170469+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.508364+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.630146+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.839768+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:52.959862+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.107857+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.228054+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.348096+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.468395+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.588417+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.778822+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:53.899221+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.019388+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.140854+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.262283+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.456298+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.576467+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.696984+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                2024-11-30T16:51:54.818226+010028528731Malware Command and Control Activity Detected192.168.2.449822179.43.171.2097000TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:51:30.592125+010028531931Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:51:33.505510+010028531911Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-11-30T16:51:32.936491+010028531921Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: file.exeMalware Configuration Extractor: Xworm {"C2 url": ["179.43.171.209"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Roaming\github.exeReversingLabs: Detection: 55%
                Multi AV Scanner detection for submitted file
                Source: file.exeReversingLabs: Detection: 55%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\github.exeJoe Sandbox ML: detected
                Machine Learning detection for sample
                Source: file.exeJoe Sandbox ML: detected
                Sample uses string decryption to hide its real strings
                Source: file.exeString decryptor: 179.43.171.209
                Source: file.exeString decryptor: 7000
                Source: file.exeString decryptor: <123456789>
                Source: file.exeString decryptor: <Xwormmm>
                Source: file.exeString decryptor: XWorm V5.6
                Source: file.exeString decryptor: USB.exe
                Source: file.exeString decryptor: %AppData%
                Source: file.exeString decryptor: github.exe
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Xml.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbr) source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: System.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: C:\Users\user\Desktop\file.PDB source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: System.Windows.Forms.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.pdbh source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Drawing.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Drawing.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Servererver32edC^i18 source: file.exe, 00000000.00000002.3235318254.000000001B400000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Xml.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: 0C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: System.Xml.ni.pdbRSDS# source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: rsymbols\dll\mscorlib.pdbpdb` source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: Microsoft.VisualBasic.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Core.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbPDB" source: file.exe, 00000000.00000002.3235318254.000000001B477000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Windows.Forms.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbD source: file.exe, 00000000.00000002.3235318254.000000001B4E0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb; source: file.exe, 00000000.00000002.3235318254.000000001B4E0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Management.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Drawing.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: mscorlib.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Management.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3235318254.000000001B477000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Core.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb, source: file.exe, 00000000.00000002.3235318254.000000001B477000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.pdbSystem.Xml.dll` source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.pdbP source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: Microsoft.VisualBasic.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Core.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00007FFD9B8BE3D2h0_2_00007FFD9B8BE20D
                Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00007FFD9B8BF9B4h0_2_00007FFD9B8BC8B0
                Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00007FFD9B8BF9C5h0_2_00007FFD9B8BC8B0
                Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00007FFD9B8C05F7h0_2_00007FFD9B8BC8F0
                Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp 00007FFD9B8C05F7h0_2_00007FFD9B8BC8F0

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49730 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 179.43.171.209:7000 -> 192.168.2.4:49730
                Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49730 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 179.43.171.209:7000 -> 192.168.2.4:49730
                Source: Network trafficSuricata IDS: 2852873 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M2 : 192.168.2.4:49822 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49822 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49730 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2853192 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound : 192.168.2.4:49730 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2853191 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound : 179.43.171.209:7000 -> 192.168.2.4:49730
                Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 179.43.171.209:7000 -> 192.168.2.4:50015
                Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:50015 -> 179.43.171.209:7000
                Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 179.43.171.209:7000 -> 192.168.2.4:50015
                Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 179.43.171.209:7000 -> 192.168.2.4:49822
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: 179.43.171.209
                Source: global trafficTCP traffic: 192.168.2.4:49730 -> 179.43.171.209:7000
                Source: Joe Sandbox ViewASN Name: PLI-ASCH PLI-ASCH
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
                Source: file.exe, 00000000.00000002.3233150482.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.0000000002571000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Contains functionality to capture screen (.Net source)
                Source: 0.2.file.exe.1acb0000.0.raw.unpack, RemoteDesktop.cs.Net Code: GetScreen

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: file.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
                Source: 0.0.file.exe.1f0000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                Source: 00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                Source: C:\Users\user\AppData\Roaming\github.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                PE file contains section with special chars
                Source: file.exeStatic PE information: section name: U@7'
                Source: github.exe.0.drStatic PE information: section name: U@7'
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8BD0150_2_00007FFD9B8BD015
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8B8C550_2_00007FFD9B8B8C55
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8BB2F90_2_00007FFD9B8BB2F9
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8B7B1A0_2_00007FFD9B8B7B1A
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8B0F280_2_00007FFD9B8B0F28
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8B11DA0_2_00007FFD9B8B11DA
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8BC8F00_2_00007FFD9B8BC8F0
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8B11C80_2_00007FFD9B8B11C8
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 3_2_00007FFD9B891BAE3_2_00007FFD9B891BAE
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 3_2_00007FFD9B8910A03_2_00007FFD9B8910A0
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 3_2_00007FFD9B8910F23_2_00007FFD9B8910F2
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 3_2_00007FFD9B8911183_2_00007FFD9B891118
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 4_2_00007FFD9B891BAE4_2_00007FFD9B891BAE
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 4_2_00007FFD9B8910A04_2_00007FFD9B8910A0
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 4_2_00007FFD9B8910F24_2_00007FFD9B8910F2
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 4_2_00007FFD9B8911184_2_00007FFD9B891118
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 8_2_00007FFD9B8A1BAE8_2_00007FFD9B8A1BAE
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 8_2_00007FFD9B8A10A08_2_00007FFD9B8A10A0
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 8_2_00007FFD9B8A10F28_2_00007FFD9B8A10F2
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 8_2_00007FFD9B8A11188_2_00007FFD9B8A1118
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 13_2_00007FFD9B891BAE13_2_00007FFD9B891BAE
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 13_2_00007FFD9B8910A013_2_00007FFD9B8910A0
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 13_2_00007FFD9B8910F213_2_00007FFD9B8910F2
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 13_2_00007FFD9B89111813_2_00007FFD9B891118
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 15_2_00007FFD9BAD0F2815_2_00007FFD9BAD0F28
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 15_2_00007FFD9BAD11C815_2_00007FFD9BAD11C8
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 15_2_00007FFD9BAD2E6815_2_00007FFD9BAD2E68
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4464 -s 1548
                Source: file.exe, 00000000.00000000.1654542882.0000000000202000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamegithub.exe4 vs file.exe
                Source: file.exe, 00000000.00000002.3235116337.000000001ACB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRemoteDesktop.dll< vs file.exe
                Source: file.exeBinary or memory string: OriginalFilenamegithub.exe4 vs file.exe
                Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: file.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 0.0.file.exe.1f0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: 00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: C:\Users\user\AppData\Roaming\github.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                Source: file.exeStatic PE information: Section: U@7' ZLIB complexity 1.0007672991071428
                Source: github.exe.0.drStatic PE information: Section: U@7' ZLIB complexity 1.0007672991071428
                Source: 0.2.file.exe.1acb0000.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.file.exe.1acb0000.0.raw.unpack, Helper.csCryptographic APIs: 'TransformFinalBlock'
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@13/8@0/1
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\github.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMutant created: NULL
                Source: C:\Users\user\AppData\Roaming\github.exeMutant created: \Sessions\1\BaseNamedObjects\aKo7AtdK4OEvATqs
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1396:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2720:120:WilError_03
                Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4464
                Source: C:\Windows\System32\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\91def029-68b7-4b1a-a002-40da87a1053bJump to behavior
                Source: file.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: file.exeReversingLabs: Detection: 55%
                Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
                Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\github.exe C:\Users\user\AppData\Roaming\github.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\github.exe C:\Users\user\AppData\Roaming\github.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\github.exe C:\Users\user\AppData\Roaming\github.exe
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 4464 -s 1548
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\github.exe C:\Users\user\AppData\Roaming\github.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\github.exe C:\Users\user\AppData\Roaming\github.exe
                Source: C:\Users\user\AppData\Roaming\github.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
                Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"Jump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: scrrun.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: ntshrui.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: cscapi.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: avicap32.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: msvfw32.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: scrrun.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: linkinfo.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: avicap32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: msvfw32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32Jump to behavior
                Source: github.lnk.0.drLNK file: ..\..\..\..\..\github.exe
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Xml.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbr) source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: System.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: C:\Users\user\Desktop\file.PDB source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: System.Windows.Forms.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.pdbh source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Drawing.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Drawing.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: mscorlib.pdbCLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Servererver32edC^i18 source: file.exe, 00000000.00000002.3235318254.000000001B400000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Xml.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: 0C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: System.Xml.ni.pdbRSDS# source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: rsymbols\dll\mscorlib.pdbpdb` source: file.exe, 00000000.00000002.3235867035.000000001B739000.00000004.00000010.00020000.00000000.sdmp
                Source: Binary string: Microsoft.VisualBasic.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Core.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\dll\mscorlib.pdbPDB" source: file.exe, 00000000.00000002.3235318254.000000001B477000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Windows.Forms.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbD source: file.exe, 00000000.00000002.3235318254.000000001B4E0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mscorlib.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Windows.Forms.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb; source: file.exe, 00000000.00000002.3235318254.000000001B4E0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Management.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Drawing.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: mscorlib.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Management.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: \??\C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3235318254.000000001B477000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Core.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb, source: file.exe, 00000000.00000002.3235318254.000000001B477000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: System.Drawing.pdbSystem.Xml.dll` source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Configuration.pdbP source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.ni.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: Microsoft.VisualBasic.pdb source: WER9F9F.tmp.dmp.12.dr
                Source: Binary string: System.Core.ni.pdbRSDS source: WER9F9F.tmp.dmp.12.dr
                Source: initial sampleStatic PE information: section where entry point is pointing to: XejnR
                Source: file.exeStatic PE information: section name: U@7'
                Source: file.exeStatic PE information: section name: XejnR
                Source: github.exe.0.drStatic PE information: section name: U@7'
                Source: github.exe.0.drStatic PE information: section name: XejnR
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FFD9B8B00BD pushad ; iretd 0_2_00007FFD9B8B00C1
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 15_2_00007FFD9BAD3B05 pushad ; retf 15_2_00007FFD9BAD3B3D
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 15_2_00007FFD9BAD2A5D push E95E5007h; ret 15_2_00007FFD9BAD2AF9
                Source: C:\Users\user\AppData\Roaming\github.exeCode function: 15_2_00007FFD9BAD7EDA push eax; ret 15_2_00007FFD9BAD7EE9
                Source: file.exeStatic PE information: section name: U@7' entropy: 7.9871822316254475
                Source: github.exe.0.drStatic PE information: section name: U@7' entropy: 7.9871822316254475
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\github.exeJump to dropped file

                Boot Survival

                barindex
                Uses schtasks.exe or at.exe to add and modify task schedules
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnkJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnkJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\AAF0BA07CDEB53E61426 88D9A666AFE4B49FD15B45F1DC568347855CF049E54918D00BAF1610AE750872Jump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\AppData\Roaming\github.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\file.exeMemory allocated: 22F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory allocated: 1A4A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 1050000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 1A8B0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: FF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 1AB70000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 2A50000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 1ABE0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: C30000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 1A8F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 9A0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeMemory allocated: 1A570000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 7380Jump to behavior
                Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 2440Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeWindow / User API: threadDelayed 7301Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeWindow / User API: threadDelayed 2547Jump to behavior
                Source: C:\Users\user\Desktop\file.exe TID: 2132Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 1344Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 1396Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 4248Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 4908Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 3668Thread sleep count: 38 > 30Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 3668Thread sleep time: -35048813740048126s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 5496Thread sleep count: 7301 > 30Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exe TID: 5496Thread sleep count: 2547 > 30Jump to behavior
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: Amcache.hve.12.drBinary or memory string: VMware
                Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin
                Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.
                Source: Amcache.hve.12.drBinary or memory string: VMware20,1hbin@
                Source: Amcache.hve.12.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.12.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.12.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.12.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: Amcache.hve.12.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: Amcache.hve.12.drBinary or memory string: vmci.sys
                Source: Amcache.hve.12.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                Source: Amcache.hve.12.drBinary or memory string: vmci.syshbin`
                Source: Amcache.hve.12.drBinary or memory string: \driver\vmci,\driver\pci
                Source: github.exe, 0000000F.00000002.4135597921.000000001B446000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW=b%SystemRoot%\system32\mswsock.dllconnectionStringName="LocalSqlServer"
                Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: Amcache.hve.12.drBinary or memory string: VMware20,1
                Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.12.drBinary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.12.drBinary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.12.drBinary or memory string: VMware Virtual RAM
                Source: Amcache.hve.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: file.exe, 00000000.00000002.3235318254.000000001B400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen%SystemRoot%\system32\mswsock.dllroviders>
                Source: Amcache.hve.12.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"Jump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"Jump to behavior
                Source: file.exe, 00000000.00000002.3233150482.0000000002A2A000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.000000000261C000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.00000000025C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0
                Source: file.exe, 00000000.00000002.3233150482.0000000002A2A000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.000000000261C000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.00000000025C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: file.exe, 00000000.00000002.3233150482.0000000002A2A000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.000000000261C000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.00000000025C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
                Source: file.exe, 00000000.00000002.3233150482.0000000002A2A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager2y
                Source: file.exe, 00000000.00000002.3233150482.0000000002A2A000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.000000000261C000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.00000000025C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0@
                Source: github.exe, 0000000F.00000002.4134757107.000000000261C000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.00000000025C9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager2
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeQueries volume information: C:\Users\user\AppData\Roaming\github.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeQueries volume information: C:\Users\user\AppData\Roaming\github.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeQueries volume information: C:\Users\user\AppData\Roaming\github.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeQueries volume information: C:\Users\user\AppData\Roaming\github.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\github.exeQueries volume information: C:\Users\user\AppData\Roaming\github.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: Amcache.hve.12.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.12.drBinary or memory string: msmpeng.exe
                Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: github.exe, 0000000F.00000002.4135597921.000000001B480000.00000004.00000020.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4133786462.00000000006BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.12.drBinary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                Source: C:\Users\user\AppData\Roaming\github.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                Stealing of Sensitive Information

                barindex
                Yara detected XWorm
                Source: Yara matchFile source: file.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.file.exe.1f0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.4134757107.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.3233150482.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: file.exe PID: 4464, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: github.exe PID: 6048, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\github.exe, type: DROPPED

                Remote Access Functionality

                barindex
                Yara detected XWorm
                Source: Yara matchFile source: file.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.file.exe.1f0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000F.00000002.4134757107.0000000002571000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.3233150482.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: file.exe PID: 4464, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: github.exe PID: 6048, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\github.exe, type: DROPPED

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                Windows Management Instrumentation                		1
                Scheduled Task/Job                		12
                Process Injection                		1
                Masquerading                		OS Credential Dumping231
                Security Software Discovery                		Remote Services1
                Screen Capture                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Scheduled Task/Job                		2
                Registry Run Keys / Startup Folder                		1
                Scheduled Task/Job                		1
                Modify Registry                		LSASS Memory1
                Process Discovery                		Remote Desktop Protocol11
                Archive Collected Data                		1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt1
                DLL Side-Loading                		2
                Registry Run Keys / Startup Folder                		1
                Disable or Modify Tools                		Security Account Manager141
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive1
                Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                DLL Side-Loading                		141
                Virtualization/Sandbox Evasion                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
                Process Injection                		LSA Secrets1
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Deobfuscate/Decode Files or Information                		Cached Domain Credentials13
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
                Obfuscated Files or Information                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job2
                Software Packing                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                DLL Side-Loading                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1565724 Sample: file.exe Startdate: 30/11/2024 Architecture: WINDOWS Score: 100 35 Suricata IDS alerts for network traffic 2->35 37 Found malware configuration 2->37 39 Malicious sample detected (through community Yara rule) 2->39 41 8 other signatures 2->41 7 file.exe 1 5 2->7         started        12 github.exe 1 2->12         started        14 github.exe 3 2->14         started        16 3 other processes 2->16 process3 dnsIp4 33 179.43.171.209, 49730, 49822, 50015 PLI-ASCH Panama 7->33 31 C:\Users\user\AppData\Roaming\github.exe, PE32 7->31 dropped 43 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 7->43 45 Uses schtasks.exe or at.exe to add and modify task schedules 7->45 18 WerFault.exe 19 16 7->18         started        21 schtasks.exe 1 7->21         started        47 Multi AV Scanner detection for dropped file 12->47 49 Machine Learning detection for dropped file 12->49 23 schtasks.exe 14->23         started        file5 signatures6 process7 file8 29 C:\ProgramData\Microsoft\...\Report.wer, Unicode 18->29 dropped 25 conhost.exe 21->25         started        27 conhost.exe 23->27         started        process9

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                file.exe55%ReversingLabsByteCode-MSIL.Trojan.XWorm
                file.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\github.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\github.exe55%ReversingLabsByteCode-MSIL.Trojan.XWorm

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                179.43.171.2090%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                No contacted domains info

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                179.43.171.209true
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://upx.sf.netAmcache.hve.12.drfalse
                  		high
                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefile.exe, 00000000.00000002.3233150482.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, github.exe, 0000000F.00000002.4134757107.0000000002571000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    179.43.171.209
                    		unknownPanama
                    		51852PLI-ASCHtrue

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1565724
                    Start date and time:2024-11-30 16:49:05 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 3s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:18
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:file.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@13/8@0/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 94%
                    • Number of executed functions: 21
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 20.189.173.21
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtSetInformationFile calls found.
                    • VT rate limit hit for: file.exe

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    10:49:54API Interceptor4170595x Sleep call for process: file.exe modified
                    10:49:56API Interceptor168x Sleep call for process: github.exe modified
                    10:52:31API Interceptor1x Sleep call for process: WerFault.exe modified
                    15:49:56Task SchedulerRun new task: github path: C:\Users\user\AppData\Roaming\github.exe
                    15:49:58AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnk

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    PLI-ASCHH4IoDDh3Rv.exeGet hashmaliciousAveMaria, PrivateLoader, UACMeBrowse
                    • 176.223.112.134
                    wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                    • 179.43.171.197
                    o4QEzeCniw.exeGet hashmaliciousUnknownBrowse
                    • 179.43.182.252
                    http://software.oldversion.com/download.php?f=YTo1OntzOjQ6InRpbWUiO2k6MTczMTQ4OTAwMjtzOjI6ImlkIjtpOjEzODk4O3M6NDoiZmlsZSI7czo0MzoicGRmY3JlYXRvci0xLTYtMi1QREZDcmVhdG9yLTFfNl8yX3NldHVwLmV4ZSI7czozOiJ1cmwiO3M6NTA6Imh0dHA6Ly93d3cub2xkdmVyc2lvbi5jb20vd2luZG93cy9wZGZjcmVhdG9yLTEtNi0yIjtzOjQ6InBhc3MiO3M6MzI6IjMwYzExNzY3MTEwNWY3MjhjYjA0YzU2ZjkzYTc1YTRjIjt9Get hashmaliciousUnknownBrowse
                    • 81.17.20.50
                    Exploit Detector LIST (2).batGet hashmaliciousUnknownBrowse
                    • 179.43.180.122
                    Exploit Detector LIST (2).batGet hashmaliciousUnknownBrowse
                    • 179.43.180.122
                    Payload 94.75 (3).225.exeGet hashmaliciousUnknownBrowse
                    • 190.211.254.101
                    Payload 94.75.225.exeGet hashmaliciousUnknownBrowse
                    • 190.211.254.192
                    file.exeGet hashmaliciousWhiteSnake StealerBrowse
                    • 81.17.25.195
                    SCV.cmdGet hashmaliciousUnknownBrowse
                    • 179.43.180.122

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_489542ce3eb4b4cc3c3bd7df7e4d98eb5ea1839_8bc8969b_736690da-bad7-4558-90ec-2c5b112d0ce3\Report.wer

                    Download File
                    Process:C:\Windows\System32\WerFault.exe
                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):65536
                    Entropy (8bit):1.3900530712829182
                    Encrypted:false
                    SSDEEP:192:oiBvjv4yOY081iHYIxaWz8iyX8CNln72ZFxZzuiFAZ24lO8HVB:/b4J81iZa48i/SuZzuiFAY4lO87
                    MD5:233811CAB1431FC51B33AEA1CA117B5F
                    SHA1:0E872E5DAA110425CC538BD85D584DD330CD4E6B
                    SHA-256:A8ABFE1EE640A732D8EFBFED32A9F727C49A6FD876996EC0CEB57D52BBB07596
                    SHA-512:385964B78A6C14D9E4ADF21ECA1B4BE64AE54637A9D5D7C8854029A5365A7D9A0E16ACC48F58C9E35731252F13B348E66E7F36343D12E3B6EF12CFE8F391940D
                    Malicious:true
                    Reputation:low
                    Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.4.5.5.5.1.9.4.8.0.9.3.4.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.4.5.5.5.2.0.7.3.0.9.2.7.1.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.3.6.6.9.0.d.a.-.b.a.d.7.-.4.5.5.8.-.9.0.e.c.-.2.c.5.b.1.1.2.d.0.c.e.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.6.b.d.f.1.5.2.-.b.9.4.8.-.4.0.8.1.-.8.e.2.e.-.f.c.4.5.f.f.f.f.a.e.d.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.g.i.t.h.u.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.1.7.0.-.0.0.0.1.-.0.0.1.4.-.7.d.5.5.-.6.d.7.f.3.f.4.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.b.1.f.5.e.c.8.4.6.3.4.e.a.0.3.a.7.9.a.6.5.e.9.8.c.e.4.7.d.0.a.0.0.0.0.0.0.0.0.!.0.0.0.0.2.8.c.4.a.6.9.0.9.4.9.e.1.a.7.9.8.9.0.4.c.6.7.a.8.6.9.e.3.3.e.c.0.f.7.0.b.a.1.3.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.

                    C:\ProgramData\Microsoft\Windows\WER\Temp\WER9F9F.tmp.dmp

                    Download File
                    Process:C:\Windows\System32\WerFault.exe
                    File Type:Mini DuMP crash report, 16 streams, Sat Nov 30 15:51:59 2024, 0x1205a4 type
                    Category:dropped
                    Size (bytes):642462
                    Entropy (8bit):2.930222490285549
                    Encrypted:false
                    SSDEEP:3072:Yd2M60ASwsFFyMB3uPEBE47vzAtPMXcSnl61CCqv14uxXaRo3+vAtdN9tdN9tdNE:Ydo039aEK4vck7uqvGuVUo3Qtt
                    MD5:08BB38236391942E7EC1396227F6F1C0
                    SHA1:B0EEF06592139923F2704FF09E98A99AA07130E1
                    SHA-256:BFBC15D815A3A4ACE6EF38471D58ECE5FBBAA9D85F8DE9D5D41333002E28152E
                    SHA-512:C2192EE81D66A3F41F3192C49C93A002136F2E14ECF330A70A667243249E953EB8678D5636E67F4F02BDBAED6C0CAEA70A13F76AD83E50B3E9879E12BDF5FDA9
                    Malicious:false
                    Reputation:low
                    Preview:MDMP..a..... ........4Kg............T...........@'..t.......$....2...........2.......H..............l.......8...........T............X...t...........F...........H..............................................................................eJ......dI......Lw......................T.......p...!4Kg....(........................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERA155.tmp.WERInternalMetadata.xml

                    Download File
                    Process:C:\Windows\System32\WerFault.exe
                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):9158
                    Entropy (8bit):3.7039269132747146
                    Encrypted:false
                    SSDEEP:192:R6l7wVeJuC/ks6Y9BvSj3agmfZDE87prnx89bHxvmPHTfVlhm:R6lXJ1X6YLvSj3agmfaJHx+PHTf/c
                    MD5:3F73725B32BD5662435C081E2A4D23DE
                    SHA1:F8E151384E3EB3D4C51B93AFF68A9986A58F2695
                    SHA-256:AA5D985F855469B8D86BC6EB5D22763772D8EFB156735F634A4457C0543707B3
                    SHA-512:275E6E522B49084F5E2A2FF7201ED3A3259BE60ECC35542DD503A3A4B2D619B3E1478EAF54162EA1C5526395B042C3D63AD94F0F9A488ADF8C6AF07E8AC1A839
                    Malicious:false
                    Reputation:low
                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.4.6.4.<./.P.i.

                    C:\ProgramData\Microsoft\Windows\WER\Temp\WERA175.tmp.xml

                    Download File
                    Process:C:\Windows\System32\WerFault.exe
                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):4748
                    Entropy (8bit):4.432176957408072
                    Encrypted:false
                    SSDEEP:48:cvIwWl8zsZZJg771I9KFWpW8VYcPYm8M4JR6EFaXyq8vN6+yGbgDLid:uIjfJI7p07VlSJ4fWE+lqLid
                    MD5:E9E8897322A91CBC377824766892BC38
                    SHA1:A77A9EBD7C44F1E7ACFAF107A7285F37A572260E
                    SHA-256:B08C4D11CCE894E51B7228B3B522ABAA30BE753A46CF1645B374FA1EB7252D83
                    SHA-512:5BC3C0BE582AA3FFF3FE58F6A877E2B7158BF87AED50BAE224C6462846DFAE6611A241B07FEB6819B6CADC925FE9F28BB52DBEA31A02ACEB12AF84C5C535E193
                    Malicious:false
                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="610974" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\github.exe.log

                    Download File
                    Process:C:\Users\user\AppData\Roaming\github.exe
                    File Type:CSV text
                    Category:dropped
                    Size (bytes):654
                    Entropy (8bit):5.380476433908377
                    Encrypted:false
                    SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                    MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                    SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                    SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                    SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                    Malicious:false
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnk

                    Download File
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Nov 30 14:49:55 2024, mtime=Sat Nov 30 14:49:55 2024, atime=Sat Nov 30 14:49:55 2024, length=52736, window=hide
                    Category:dropped
                    Size (bytes):759
                    Entropy (8bit):5.02726270492719
                    Encrypted:false
                    SSDEEP:12:8cBmBwg4RHWC2dY//6D2LMq0KmXEAtjAfrH8oKeEACOLBmV:8+sl+iDgDmXLJAfVL7LBm
                    MD5:C431B80472A21549266CAF0AB39A2186
                    SHA1:F94A2D58E26B18C04AFDF5070F3F05349A5E28FE
                    SHA-256:F931F4FD7DB98571D11ADF16E2B1458B8DC3E0CB528886F33D63A6CE8D984930
                    SHA-512:BA9D7A761F93C6820AAB4867D05988CE93E75CBA79A44C97FF9E23E47633E95A8981A539B1BA65E2441060F548F6FE78FA60228418BA6F0615A3C28E8950567B
                    Malicious:false
                    Preview:L..................F.... .....S.?C....S.?C....S.?C..........................t.:..DG..Yr?.D..U..k0.&...&......vk.v......y{?C..s..?C......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^~Y:~...........................%..A.p.p.D.a.t.a...B.V.1.....~Y8~..Roaming.@......CW.^~Y8~...........................\..R.o.a.m.i.n.g.....`.2.....~Y<~ .github.exe..F......~Y<~~Y<~..........................g.q.g.i.t.h.u.b...e.x.e.......X...............-.......W............u.Q.....C:\Users\user\AppData\Roaming\github.exe........\.....\.....\.....\.....\.g.i.t.h.u.b...e.x.e.`.......X.......942247...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                    C:\Users\user\AppData\Roaming\github.exe

                    Download File
                    Process:C:\Users\user\Desktop\file.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):52736
                    Entropy (8bit):6.560412971442069
                    Encrypted:false
                    SSDEEP:1536:J/mQgB/wjBHgXOo6PF09a3Yu2u29Pp9/D9gSFovbnlgZFO/86c9p:J/mzBIlAe3WuMzr9vFovbnmFO/54
                    MD5:EFD5937F50C21B5CE660D67F3F995821
                    SHA1:28C4A690949E1A798904C67A869E33EC0F70BA13
                    SHA-256:5A09D23637929D77E9C04322D800690BC6E7272E0755843F387C37B99F452FB8
                    SHA-512:13E092E75FD3FCF2DAFCE1E186F6583DF1F562FFEBC5F45CDF80A21F2DEA25DC96E1535194E393B94153E2D41CB8B0E86B7835CB918FB278E119486836BC1CD9
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\github.exe, Author: Joe Security
                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\github.exe, Author: ditekSHen
                    Antivirus:
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 55%
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r0Kg.....................@.......`...`... ....@.. .......................`............@.................................T...W.... .......................@.......................................................`..................H...........U@...7'.@6... ...8..................@...XejnR........`.......<.............. ..`.text...............>.............. ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Windows\appcompat\Programs\Amcache.hve

                    Download File
                    Process:C:\Windows\System32\WerFault.exe
                    File Type:MS Windows registry file, NT/2000 or above
                    Category:dropped
                    Size (bytes):1835008
                    Entropy (8bit):4.465474120418933
                    Encrypted:false
                    SSDEEP:6144:GIXfpi67eLPU9skLmb0b4RWSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSba:rXD94RWlLZMM6YFH1+a
                    MD5:E425F9AAB62D27392103565EADBFB511
                    SHA1:ACD8A711831C936F8C8C4B41C532AEE8E703F0D2
                    SHA-256:F968D7B97FDF7D2A9B1145292E22588400ED64FF06C4EDD169B99C4C1845E88C
                    SHA-512:AF3215247FBE65C2E335A22A2B248800E838E8E31ABFBF4E5ED4E9E2017CBB86D8CEE2336D2D77B53D05F4E2B50D4C370576777BA13655416A9B2C57C4C2D9C6
                    Malicious:false
                    Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.1K.?C..............................................................................................................................................................................................................................................................................................................................................+.\.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):6.560412971442069
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    • Win32 Executable (generic) a (10002005/4) 49.96%
                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    File name:file.exe
                    File size:52'736 bytes
                    MD5:efd5937f50c21b5ce660d67f3f995821
                    SHA1:28c4a690949e1a798904c67a869e33ec0f70ba13
                    SHA256:5a09d23637929d77e9c04322d800690bc6e7272e0755843f387c37b99f452fb8
                    SHA512:13e092e75fd3fcf2dafce1e186f6583df1f562ffebc5f45cdf80a21f2dea25dc96e1535194e393b94153e2d41cb8b0e86b7835cb918fb278e119486836bc1cd9
                    SSDEEP:1536:J/mQgB/wjBHgXOo6PF09a3Yu2u29Pp9/D9gSFovbnlgZFO/86c9p:J/mzBIlAe3WuMzr9vFovbnmFO/54
                    TLSH:EA338E2C739083A5D6E83B3598F662330B3ABAD75E738F4D5794820B1D53394BD0639A
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r0Kg.....................@.......`...`... ....@.. .......................`............@................................

                    File Icon

                    Icon Hash:90cececece8e8eb0

                    Static PE Info

                    General

                    Entrypoint:0x40600a
                    Entrypoint Section:XejnR
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x674B3072 [Sat Nov 30 15:34:10 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00406000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x94540x57.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x120000x4ce.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x140000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x60000x8XejnR
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x80000x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    U@7'0x20000x36400x380024fe46f061557bcc63cb7b5ea49571bfFalse1.0007672991071428data7.9871822316254475IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    XejnR0x60000x100x2001e1e8b60a387632920fef4df72800438False0.04296875data0.12227588125913882IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .text0x80000x87f40x88007556788c4657fd71bc6193fc9504e89fFalse0.5373965992647058data5.769865084802064IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc0x120000x4ce0x600d411d24a8585785d52d5c0a3f715d899False0.373046875data3.7126756714690634IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0x140000xc0x20056fe95061a1756a1322efd56a668547bFalse0.041015625data0.07763316234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_VERSION0x120a00x244data0.4706896551724138
                    RT_MANIFEST0x122e40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    Suricata IDS Alerts

                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                    2024-11-30T16:50:12.133555+01002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:50:12.564317+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:12.643357+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:50:21.803302+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:21.803302+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:23.014211+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:23.015820+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:50:33.465699+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:33.468092+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:50:43.918831+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:43.921384+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:50:51.814724+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:51.814724+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:54.432651+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:50:54.434649+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:04.824542+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:04.826643+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:09.654756+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:09.662560+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:09.864173+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:09.873575+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:10.454592+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:10.456609+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:10.738647+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:10.741862+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:15.060901+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:15.063564+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:19.793422+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:19.795772+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:21.812970+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:21.812970+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:25.073709+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:25.200549+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:25.320839+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:25.527460+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:25.606526+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:25.736397+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:25.902700+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:26.067338+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:26.185995+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:30.592125+01002853193ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:30.859539+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:30.863516+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:31.070001+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:31.071572+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:32.936491+01002853192ETPRO MALWARE Win32/XWorm V3 CnC Command - sendPlugin Outbound1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:33.505510+01002853191ETPRO MALWARE Win32/XWorm V3 CnC Command - savePlugin Inbound1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:33.999086+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:33.999086+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.122772+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.122772+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.249174+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.249174+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.370530+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.370530+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.497285+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.497285+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.624520+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.624520+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.768811+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.768811+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.892365+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:34.892365+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.060270+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.060270+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.185176+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.185176+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.443452+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.443452+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.563586+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.563586+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.683837+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.683837+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.795590+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.795590+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.978074+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:35.978074+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.098567+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.098567+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.219877+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.219877+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.344969+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.344969+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.393729+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.393729+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.513714+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.513714+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.633903+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.633903+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.754006+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.754006+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.874148+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.874148+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.962504+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:36.962504+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.086777+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.086777+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.208267+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.208267+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.334509+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.334509+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.464429+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.464429+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.585171+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.585171+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.626459+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.626459+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.747918+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.747918+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.957117+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:37.957117+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.321395+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.321395+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.441409+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.441409+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.562931+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.562931+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.688664+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.688664+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.815602+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:38.815602+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.177953+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.177953+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.304771+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.304771+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.430260+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.430260+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.534450+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.534450+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.910585+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:39.910585+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.034305+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.034305+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.154483+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.154483+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.243128+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.243128+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.382449+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.382449+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.604633+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.604633+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.835088+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:40.835088+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.147414+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.147414+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.273561+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.273561+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.395553+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.395553+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.456528+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:41.460527+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:41.515632+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.515632+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.636111+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.636111+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.666901+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:41.668482+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:41.761133+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.761133+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.794146+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:41.881331+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:41.881331+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.001428+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.001428+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.126576+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.126576+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.246928+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.246928+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.459438+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.459438+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.579948+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.579948+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.700698+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.700698+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.820724+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.820724+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.940850+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:42.940850+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.061075+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.061075+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.206914+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.206914+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.328303+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.328303+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.448579+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.448579+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.572661+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.572661+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.693683+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.693683+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.888243+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:43.888243+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.010541+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.010541+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.134515+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.134515+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.255303+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.255303+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.331991+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.331991+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.452034+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.452034+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.589044+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.589044+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.709081+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.709081+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.830251+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.830251+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.950502+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:44.950502+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.070585+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.070585+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.286444+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.286444+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.406517+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.406517+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.530524+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.530524+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.654666+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.654666+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.776082+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.776082+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.896245+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:45.896245+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.198462+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.198462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.210378+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:46.214458+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:46.319477+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.319477+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.440258+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.440258+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.561066+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.561066+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.681137+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.681137+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.898463+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:46.898463+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.019175+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.019175+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.139163+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.139163+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.259201+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.259201+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.379133+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.379133+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.435009+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:47.442462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:47.602529+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.602529+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.726321+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.726321+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.846422+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.846422+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.966450+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:47.966450+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.034603+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.034603+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.158550+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.158550+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.299668+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.299668+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.422516+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.422516+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.543162+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.543162+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.663722+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.663722+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.784004+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.784004+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.906496+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:48.906496+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.041293+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.041293+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.161507+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.161507+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.282022+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.282022+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.430464+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.430464+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.694462+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.694462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.900716+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:49.900716+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.080141+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.080141+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.200432+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.200432+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.320526+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.320526+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.440778+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.440778+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.560985+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.560985+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.802832+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.802832+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.922883+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:50.922883+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.042943+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.042943+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.163464+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.163464+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.283428+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.283428+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.403590+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.403590+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.552115+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.552115+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.636877+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:51.638403+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:51.672816+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.672816+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.799237+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.799237+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.850817+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:51.850817+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:51.920598+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:51.920598+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.042635+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.042635+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.170469+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.170469+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.508364+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.508364+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.630146+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.630146+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.839768+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.839768+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.959862+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:52.959862+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.107857+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.107857+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.228054+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.228054+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.348096+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.348096+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.468395+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.468395+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.588417+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.588417+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.778822+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.778822+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.899221+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:53.899221+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.019388+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.019388+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.140854+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.140854+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.262283+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.262283+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.456298+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.456298+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.576467+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.576467+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.696984+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.696984+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.818226+01002852873ETPRO MALWARE Win32/XWorm CnC PING Command Outbound M21192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.818226+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449822179.43.171.2097000TCP
                    2024-11-30T16:51:54.835154+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449822TCP
                    2024-11-30T16:51:56.996773+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:56.999543+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:51:57.207115+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:51:57.209270+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                    2024-11-30T16:52:21.838590+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:52:21.838590+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:52:32.711224+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                    2024-11-30T16:53:17.594430+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:53:17.613505+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450015179.43.171.2097000TCP
                    2024-11-30T16:53:21.847241+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:53:21.847241+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:53:33.003664+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:53:33.053965+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450015179.43.171.2097000TCP
                    2024-11-30T16:53:46.931470+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:53:46.933157+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450015179.43.171.2097000TCP
                    2024-11-30T16:53:51.857063+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:53:51.857063+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:54:01.603960+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:54:01.606203+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450015179.43.171.2097000TCP
                    2024-11-30T16:54:03.244083+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.450015TCP
                    2024-11-30T16:54:03.244859+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.450015179.43.171.2097000TCP

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Nov 30, 2024 16:50:01.280052900 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:01.400099039 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:01.400180101 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:01.682056904 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:01.802130938 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:12.133554935 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:12.253583908 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:12.564316988 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:12.611788988 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:12.643357038 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:12.763468981 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:21.803302050 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:21.846168041 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:22.581401110 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:22.703443050 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:23.014210939 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:23.015820026 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:23.135987997 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:33.034142971 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:33.154879093 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:33.465698957 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:33.468091965 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:33.587980032 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:43.487947941 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:43.608536959 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:43.918831110 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:43.921384096 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:44.041434050 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:51.814723969 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:51.861851931 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:53.940260887 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:54.061111927 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:54.432651043 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:50:54.434648991 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:50:54.554580927 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:04.393476009 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:04.513453960 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:04.824542046 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:04.826642990 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:04.946604013 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.221585989 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:09.342710018 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.342765093 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:09.462738991 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.654756069 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.662559986 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:09.784044027 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.864172935 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.873574972 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:09.993577003 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:09.993709087 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:10.029622078 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.084438086 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:10.159301043 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.159780979 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:10.283030033 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.299587965 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:10.422911882 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.454591990 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.456609011 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:10.623243093 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.738646984 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:10.741862059 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:10.862967014 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:14.628017902 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:14.749706030 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:15.060900927 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:15.063564062 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:15.185477972 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:19.362354040 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:19.482431889 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:19.793421984 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:19.795772076 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:19.915739059 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:21.812969923 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:21.861897945 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:24.628106117 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:24.748174906 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:24.748219967 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:24.870014906 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:24.870064974 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:24.990076065 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:24.990124941 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.073709011 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.073769093 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.110336065 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.110384941 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.193862915 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.193923950 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.200548887 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.252533913 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.287471056 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.287528038 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.314271927 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.320838928 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.361907959 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.441030979 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.441273928 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.527460098 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.527595043 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.603379965 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.606525898 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.647975922 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.651282072 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.706423998 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.736397028 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.736604929 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:25.901729107 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:25.902699947 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:26.063349009 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:26.063473940 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:26.067337990 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:26.114423990 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:26.185471058 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:26.185995102 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:26.307019949 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:30.424870968 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:30.592077017 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:30.592124939 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:30.714508057 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:30.859539032 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:30.863516092 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:30.986489058 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:31.070000887 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:31.071572065 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:31.195219994 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:32.932578087 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:32.936491013 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.057879925 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.505510092 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.505587101 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.507221937 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.509773016 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.510077000 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.510142088 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.518239975 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.518361092 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.520591021 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.526582003 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.526681900 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.526967049 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.535011053 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.535075903 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.535223961 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.543363094 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.596545935 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.736560106 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.857671022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.857919931 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.877460003 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:33.998980045 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:33.999085903 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.122394085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.122771978 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.249007940 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.249174118 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.370102882 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.370529890 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.497217894 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.497284889 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.622158051 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.624520063 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.744421959 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.768810987 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:34.890717030 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:34.892364979 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.013097048 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.060270071 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.185095072 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.185175896 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.220639944 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.268290997 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.323266983 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.355336905 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.443353891 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.443424940 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.443451881 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.443491936 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.443501949 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.443677902 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.443686008 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.563520908 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.563585997 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.683705091 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.683836937 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.795360088 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.795589924 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.803982973 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.856471062 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.916018009 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.978002071 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.978037119 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.978074074 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:35.978234053 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.978390932 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.978602886 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:35.978884935 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.098438025 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.098567009 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.219702005 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.219877005 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.344882965 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.344969034 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.393651962 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.393728971 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.435051918 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.464927912 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.513659954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.513714075 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.555603027 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.555706978 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.555829048 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.555919886 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.555990934 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.556031942 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.633835077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.633903027 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.753902912 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.754005909 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.874100924 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.874147892 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.962445974 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:36.962503910 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:36.994384050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.037744045 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.086611986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.086776972 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.159179926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.159372091 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.159389973 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.208214998 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.208266973 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.331645966 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.334508896 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.460540056 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.464428902 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.584595919 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.585170984 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.620740891 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.626458883 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.746378899 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.747917891 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.928282022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:37.957117081 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:37.997574091 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.078905106 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.117868900 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.117958069 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.117985010 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.118309021 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.131684065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.131704092 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.154722929 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.154747009 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.154756069 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.161066055 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.161079884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.161091089 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.174186945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.199069023 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.199084044 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.220670938 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.220680952 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.222790956 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.222886086 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.237868071 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.237880945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.237891912 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.237931967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.237978935 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238018990 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238071918 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238107920 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238225937 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238261938 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238338947 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238348007 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.238449097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.251913071 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.251924992 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.251935959 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.251954079 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.251993895 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.274694920 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.274749041 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.274764061 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.281024933 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.281035900 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.281392097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.294210911 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.319118977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.321394920 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.441334009 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.441409111 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.562885046 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.562931061 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.688616037 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.688663960 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.752477884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.815553904 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:38.815602064 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.930002928 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.930075884 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:38.936449051 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050225019 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050259113 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050376892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050386906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050491095 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050501108 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050545931 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050606012 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050721884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050730944 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050829887 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050837994 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050911903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.050920963 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051012039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051058054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051197052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051206112 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051282883 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051343918 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051429033 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051485062 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051521063 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051531076 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051604986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051656961 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051686049 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051728010 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051817894 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051826000 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.051856041 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.056382895 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.056391954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.056442976 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.056524038 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177068949 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177079916 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177150011 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177220106 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177284002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177293062 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177333117 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177373886 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177407980 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177459002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177510977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177520037 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177560091 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177647114 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177654982 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177700043 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177824020 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177833080 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.177953005 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:39.304708004 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.304770947 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:39.430016994 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.430259943 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:39.528460026 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.534450054 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:39.550973892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.656752110 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.656893969 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:39.656963110 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:39.780982018 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.780994892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781004906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781040907 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781172991 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781219959 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781339884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781395912 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781465054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781533957 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781701088 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781749010 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.781956911 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782016039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782198906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782207966 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782304049 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782320023 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782416105 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782424927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782510042 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782519102 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782610893 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782629013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782711983 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782721996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782854080 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782864094 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.782988071 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783036947 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783222914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783273935 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783282042 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783416033 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783504963 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783668041 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.783684969 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.852840900 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.852972031 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.907998085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.908006907 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.908278942 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.908341885 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.908550978 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.908607960 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909018993 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909146070 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909390926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909408092 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909609079 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909686089 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909779072 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.909904957 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:39.910584927 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.033090115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.034305096 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.154366016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.154483080 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.243014097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.243128061 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.276302099 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.363568068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.382448912 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.502660990 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.604633093 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.727266073 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:40.835088015 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.892829895 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.909502983 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:40.957588911 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.018800020 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.018810987 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.018841982 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.018851042 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.018888950 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019115925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019124985 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019299984 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019308090 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019352913 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019439936 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019505978 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019556999 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019632101 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019639969 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019750118 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019759893 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019850016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019889116 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019982100 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.019990921 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020131111 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020143986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020231009 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020240068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020315886 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020324945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020435095 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020445108 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020519018 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020565987 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020605087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020613909 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020682096 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020700932 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020796061 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020804882 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020853996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020863056 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020901918 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020945072 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.020999908 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.021008968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.021043062 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.021132946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.021142006 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.084088087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.084099054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.098881960 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.098936081 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.145703077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.145768881 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.145967960 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.146019936 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.147084951 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.147413969 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.273190022 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.273516893 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.273561001 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.395509005 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.395553112 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.456527948 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.460526943 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.465043068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.515510082 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.515631914 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.582175016 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.635992050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.636111021 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.637890100 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.666901112 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.668482065 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.756185055 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.757936001 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.757946014 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758074045 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758102894 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758302927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758316040 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758363962 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758373022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758466005 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758526087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758604050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758620977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758780956 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758789062 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758892059 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.758899927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759047031 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759054899 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759183884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759299994 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759347916 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759356976 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759572029 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759581089 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759685040 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759701014 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759800911 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759855032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759917974 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.759926081 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760035992 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760045052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760087967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760138988 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760183096 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760287046 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760294914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760303020 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760371923 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760389090 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760515928 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760524035 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760565996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760581017 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760675907 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760684013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760782957 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760791063 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760880947 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760889053 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760977983 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.760984898 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.761025906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.761132956 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.788475990 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.792707920 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.794146061 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.881241083 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.881330967 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:41.955450058 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:41.956569910 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.001324892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.001427889 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.076726913 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.121344090 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.126575947 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.188576937 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.246635914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.246927977 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.336649895 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.336730957 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.366848946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.456923008 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.456933975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457009077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457016945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457062006 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457098961 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457117081 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457159996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457257986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457293034 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457365036 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457375050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457436085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457479000 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457571030 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457628012 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457690954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457701921 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457743883 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457834005 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457842112 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457880020 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457940102 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.457950115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458019018 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458055973 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458106041 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458143950 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458184958 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458234072 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458295107 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458332062 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458380938 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458442926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458520889 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458565950 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458630085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458638906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458683968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458731890 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458770037 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.458858013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459002972 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459229946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459238052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459244967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459253073 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459259987 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459268093 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459275961 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459285021 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459356070 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459364891 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.459438086 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.579875946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.579947948 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.700150967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.700697899 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.820681095 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.820724010 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:42.889349937 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.940745115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:42.940850019 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.060992002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.061074972 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.081788063 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.182574987 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204086065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204154968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204199076 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204241037 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204296112 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204354048 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204385996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204408884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204485893 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204557896 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204617977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204725027 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204736948 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204766035 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204853058 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204866886 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204920053 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.204957962 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205050945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205061913 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205197096 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205212116 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205280066 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205331087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205425024 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205471039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205569029 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205667973 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205723047 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.205734968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206301928 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206315041 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206326008 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206336975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206347942 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206360102 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206371069 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206382036 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206393003 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206403017 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206413984 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206444979 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206456900 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206468105 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206490993 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206501961 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206557989 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206569910 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206670046 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206681013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206695080 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206758022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206806898 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.206913948 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.328252077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.328303099 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.448286057 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.448579073 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.569689989 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.572660923 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.634994030 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.693536997 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.693682909 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.765374899 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.765446901 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:43.814179897 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885488987 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885525942 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885596037 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885620117 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885756016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885767937 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885808945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885848045 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885979891 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.885992050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886027098 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886111975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886262894 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886275053 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886368036 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886380911 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886491060 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886502028 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886590004 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886601925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886646032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886672020 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886744022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886754990 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886858940 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886871099 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886914968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.886925936 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887015104 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887026072 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887140989 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887227058 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887239933 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887264013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887348890 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887361050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887470961 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887481928 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887521982 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887588978 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887626886 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887676954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887713909 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887726068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887774944 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887798071 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887891054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887902021 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887937069 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.887955904 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.888081074 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.888093948 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.888104916 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:43.888242960 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.008282900 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.010540962 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.133464098 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.134515047 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.255235910 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.255302906 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.331864119 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.331990957 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.376235008 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.451982975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.452033997 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.465591908 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.572036028 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.585747004 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.585815907 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.585899115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.585994959 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586045980 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586134911 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586193085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586246967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586374044 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586385965 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586534977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586574078 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586729050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586740971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586796999 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586808920 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.586955070 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587003946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587124109 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587136030 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587280989 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587291956 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587349892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587467909 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587549925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587560892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587618113 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587656975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587769985 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587780952 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587822914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587913036 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587924957 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.587969065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588037968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588076115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588170052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588202953 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588289022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588300943 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588365078 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588376999 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588510990 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588635921 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588690996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588802099 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588926077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.588937044 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.589044094 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.709018946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.709080935 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.830176115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.830250978 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:44.950294971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:44.950501919 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.015607119 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.065088987 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.070542097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.070585012 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.162864923 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.162950039 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.190766096 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.283983946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284070015 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284188986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284243107 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284256935 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284354925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284378052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284476042 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284595966 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284607887 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284703016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284714937 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284784079 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284888983 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284900904 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.284931898 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285017014 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285104036 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285115957 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285211086 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285259008 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285325050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285336971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285433054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.285445929 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.286354065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.286443949 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.406455994 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.406517029 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.526452065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.530524015 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.651670933 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.654665947 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.768552065 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.775582075 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.776082039 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.888489008 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.896125078 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:45.896245003 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:45.906409979 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.063271046 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.063368082 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.069715977 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.183955908 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.190802097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.190851927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.191302061 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.191344976 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.191843033 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.191929102 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.192006111 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.192619085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.192744017 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.193228960 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.193240881 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.193785906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.193890095 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194322109 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194386959 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194641113 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194675922 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194731951 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194809914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194915056 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.194989920 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.195050955 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.195137024 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.195204020 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.195358992 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.195374012 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.198462009 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.210377932 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.214457989 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.319255114 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.319477081 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.335558891 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.440210104 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.440258026 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.561012030 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.561065912 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.618366957 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.681082010 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.681137085 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.772702932 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.772773027 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:46.801245928 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.893635988 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.893647909 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.893656015 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.893666029 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.893821001 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.893927097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894032955 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894083023 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894265890 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894411087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894551039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894705057 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894762993 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894864082 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.894979954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895035982 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895190001 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895296097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895394087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895525932 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895595074 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895723104 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895730972 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895780087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895860910 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.895942926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:46.898463011 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.003489971 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.019128084 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.019175053 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.123720884 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.139107943 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.139163017 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.259149075 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.259201050 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.326597929 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.379090071 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.379132986 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.435009003 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.442461967 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.473452091 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.473531008 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.499099016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.563199997 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598443031 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598558903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598603964 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598654985 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598804951 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598870039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.598985910 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599081039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599186897 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599281073 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599380016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599447012 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599520922 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.599694967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600007057 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600023985 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600131035 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600260019 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600301981 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600436926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600480080 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600579023 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600626945 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600774050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600835085 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.600984097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.602529049 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.726227045 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.726320982 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.846328974 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.846421957 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:47.966356039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:47.966449976 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.032349110 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.034603119 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.089745998 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.154614925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.158550024 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.177186966 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.278996944 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297452927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297560930 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297604084 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297734022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297789097 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297909021 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.297966003 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298091888 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298167944 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298279047 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298332930 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298434019 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298544884 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298609972 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298801899 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.298913002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299005032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299068928 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299174070 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299247026 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299304962 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299549103 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299559116 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299566984 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.299668074 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.420128107 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.422516108 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.543086052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.543162107 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.663588047 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.663722038 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.725522995 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.725581884 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.783881903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.784003973 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.904068947 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:48.906496048 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:48.918735027 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.033451080 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039349079 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039478064 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039583921 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039632082 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039725065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039841890 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039899111 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.039985895 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040111065 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040287971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040296078 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040343046 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040385962 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040477991 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040524006 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040610075 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040816069 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040879011 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040982962 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.040998936 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.041054964 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.041143894 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.041196108 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.041292906 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.161431074 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.161506891 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.281914949 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.282021999 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.404673100 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.430464029 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.469192028 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.550823927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.568252087 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.694462061 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.814692974 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:49.900716066 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:49.956918955 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.021167040 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.077877998 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.077946901 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078036070 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078175068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078254938 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078310013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078372002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078414917 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078461885 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078511953 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078557014 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078635931 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078680992 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078792095 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078829050 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078898907 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.078967094 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079037905 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079133034 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079293013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079349995 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079471111 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079617977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079725027 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079790115 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.079883099 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.080018997 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.080141068 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.200318098 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.200432062 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.320410013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.320525885 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.440728903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.440778017 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.506184101 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.560940981 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.560985088 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.679646969 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.679728985 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.681005001 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800059080 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800153971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800198078 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800319910 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800474882 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800496101 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800668955 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800729036 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.800915956 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801047087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801167011 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801211119 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801326990 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801420927 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801507950 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801635027 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801770926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801944017 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.801996946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802140951 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802206039 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802376032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802448988 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802555084 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802604914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802725077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802742958 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.802831888 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:50.922831059 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:50.922883034 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.042891979 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.042943001 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.163419008 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.163464069 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.206075907 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.232773066 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.283380032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.283427954 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.326559067 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.403544903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.403589964 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.428894043 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.523682117 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.549217939 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.549313068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.549374104 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.549505949 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.549693108 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.549702883 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550065041 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550206900 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550373077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550571918 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550641060 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550667048 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550815105 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550911903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.550962925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551023006 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551090002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551165104 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551239967 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551328897 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551487923 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551597118 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551604986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.551718950 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.552114964 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.636877060 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.638402939 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.672698975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.672816038 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.764060020 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.798996925 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.799237013 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.850816965 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.920365095 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:51.920598030 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.941088915 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:51.978877068 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.041100025 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.042634964 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.162992954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.170469046 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.176079988 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.290694952 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.297512054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.297555923 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.298518896 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.298962116 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.299704075 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.299782038 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.299864054 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.300292015 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.300301075 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.302738905 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.303653002 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304352045 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304361105 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304368973 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304377079 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304384947 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304862022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.304871082 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.305495977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.305665970 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.306179047 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.306186914 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.307307959 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.307323933 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.307482958 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.308448076 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.508363962 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.630075932 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.630146027 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.723310947 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.750431061 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.839767933 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.959788084 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:52.959861994 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:52.984147072 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.080557108 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.105402946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.105494022 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.105712891 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.105813980 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106062889 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106072903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106317043 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106354952 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106442928 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106615067 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106822014 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106868029 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.106967926 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107060909 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107081890 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107172012 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107228994 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107361078 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107368946 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107563019 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107570887 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107625961 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107769966 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.107856989 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.228008986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.228054047 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.348057985 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.348095894 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.468278885 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.468394995 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.532896996 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.588320971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.588417053 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.656517982 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.656586885 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.656586885 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.708626986 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.776817083 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777009964 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777019024 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777026892 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777154922 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777235985 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777292013 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777384043 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777471066 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777519941 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777529955 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777672052 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777714968 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777800083 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777900934 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.777961016 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778048992 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778110981 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778230906 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778306007 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778361082 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778476954 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778527975 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778589964 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778691053 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778707981 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778716087 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.778821945 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:53.899111032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:53.899220943 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.019201040 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.019387960 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.140527010 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.140853882 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.208741903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.262171984 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.262283087 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.333321095 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.382392883 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.453830004 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.453840971 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.453849077 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.453860044 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454123974 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454176903 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454339981 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454647064 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454758883 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454871893 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.454977989 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455027103 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455127001 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455204010 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455255032 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455306053 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455445051 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455485106 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455600977 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455652952 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455703974 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455801010 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455873966 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.455966949 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.456034899 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.456166029 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.456298113 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.576417923 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.576467037 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.696934938 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.696984053 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.818171024 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.818226099 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:54.835154057 CET700049822179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:54.837177992 CET498227000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:56.565857887 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:56.685826063 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:56.685868979 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:56.807171106 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:56.996773005 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:56.999542952 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:57.119756937 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:57.207114935 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:51:57.209270000 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:51:57.330082893 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:52:21.838589907 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:52:21.893279076 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:52:32.276911020 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:52:32.401437044 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:52:32.711224079 CET700049730179.43.171.209192.168.2.4
                    Nov 30, 2024 16:52:32.752695084 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:52:32.819768906 CET497307000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:02.315644026 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:02.435962915 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:02.436054945 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:02.516680956 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:02.636619091 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:17.177335024 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:17.297744036 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:17.594429970 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:17.613504887 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:17.735054016 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:21.847240925 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:21.893419027 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:31.847031116 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:32.159068108 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:32.471577883 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:32.711682081 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:32.711745977 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:32.711774111 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:33.003664017 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:33.049820900 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:33.053965092 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:33.173935890 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:46.518778086 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:46.639273882 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:46.931469917 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:46.933156967 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:53:47.053333044 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:51.857063055 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:53:51.909118891 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:54:01.191049099 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:54:01.312175989 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:54:01.603960037 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:54:01.606203079 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:54:01.727617979 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:54:02.831372976 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:54:02.951658010 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:54:03.244082928 CET700050015179.43.171.209192.168.2.4
                    Nov 30, 2024 16:54:03.244858980 CET500157000192.168.2.4179.43.171.209
                    Nov 30, 2024 16:54:03.364990950 CET700050015179.43.171.209192.168.2.4

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:10:49:53
                    Start date:30/11/2024
                    Path:C:\Users\user\Desktop\file.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Users\user\Desktop\file.exe"
                    Imagebase:0x1f0000
                    File size:52'736 bytes
                    MD5 hash:EFD5937F50C21B5CE660D67F3F995821
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1654527369.00000000001F8000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.3233150482.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:1
                    Start time:10:49:55
                    Start date:30/11/2024
                    Path:C:\Windows\System32\schtasks.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
                    Imagebase:0x7ff76f990000
                    File size:235'008 bytes
                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:2
                    Start time:10:49:55
                    Start date:30/11/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:3
                    Start time:10:49:56
                    Start date:30/11/2024
                    Path:C:\Users\user\AppData\Roaming\github.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Users\user\AppData\Roaming\github.exe
                    Imagebase:0x760000
                    File size:52'736 bytes
                    MD5 hash:EFD5937F50C21B5CE660D67F3F995821
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\github.exe, Author: Joe Security
                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\github.exe, Author: ditekSHen
                    Antivirus matches:
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 55%, ReversingLabs
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:4
                    Start time:10:50:01
                    Start date:30/11/2024
                    Path:C:\Users\user\AppData\Roaming\github.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Users\user\AppData\Roaming\github.exe
                    Imagebase:0x7a0000
                    File size:52'736 bytes
                    MD5 hash:EFD5937F50C21B5CE660D67F3F995821
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:8
                    Start time:10:51:00
                    Start date:30/11/2024
                    Path:C:\Users\user\AppData\Roaming\github.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Users\user\AppData\Roaming\github.exe
                    Imagebase:0xa50000
                    File size:52'736 bytes
                    MD5 hash:EFD5937F50C21B5CE660D67F3F995821
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:12
                    Start time:10:51:59
                    Start date:30/11/2024
                    Path:C:\Windows\System32\WerFault.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\WerFault.exe -u -p 4464 -s 1548
                    Imagebase:0x7ff6a45c0000
                    File size:570'736 bytes
                    MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:13
                    Start time:10:52:00
                    Start date:30/11/2024
                    Path:C:\Users\user\AppData\Roaming\github.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Users\user\AppData\Roaming\github.exe
                    Imagebase:0x6d0000
                    File size:52'736 bytes
                    MD5 hash:EFD5937F50C21B5CE660D67F3F995821
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:15
                    Start time:10:53:00
                    Start date:30/11/2024
                    Path:C:\Users\user\AppData\Roaming\github.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Users\user\AppData\Roaming\github.exe
                    Imagebase:0x260000
                    File size:52'736 bytes
                    MD5 hash:EFD5937F50C21B5CE660D67F3F995821
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000F.00000002.4134757107.0000000002571000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                    General

                    Target ID:16
                    Start time:10:53:01
                    Start date:30/11/2024
                    Path:C:\Windows\System32\schtasks.exe
                    Wow64 process (32bit):false
                    Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
                    Imagebase:0x7ff76f990000
                    File size:235'008 bytes
                    MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:17
                    Start time:10:53:01
                    Start date:30/11/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:21.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:47.6%
                      Total number of Nodes:21
                      Total number of Limit Nodes:0
                      execution_graph 6601 7ffd9b8b11da 6604 7ffd9b8b11df 6601->6604 6602 7ffd9b8b179b VirtualProtect 6603 7ffd9b8b17e1 6602->6603 6604->6602 6605 7ffd9b8b1679 6604->6605 6596 7ffd9b8b1814 6597 7ffd9b8b181d 6596->6597 6598 7ffd9b8b17ce VirtualProtect 6597->6598 6600 7ffd9b8b183b 6597->6600 6599 7ffd9b8b17e1 6598->6599 6583 7ffd9b8b2cb1 6584 7ffd9b8b2cdf 6583->6584 6587 7ffd9b8b11c8 6584->6587 6586 7ffd9b8b2cf8 6590 7ffd9b8b11d1 6587->6590 6588 7ffd9b8b179b VirtualProtect 6589 7ffd9b8b17e1 6588->6589 6589->6586 6590->6588 6591 7ffd9b8b1105 6590->6591 6591->6586 6592 7ffd9b8b0de2 6593 7ffd9b8b1740 VirtualProtect 6592->6593 6595 7ffd9b8b17e1 6593->6595

                      Executed Functions

                      Function 00007FFD9B8B11DA Relevance: 4.2, APIs: 1, Strings: 1, Instructions: 681memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 7ffd9b8b11da-7ffd9b8b122d 5 7ffd9b8b1246 0->5 6 7ffd9b8b122f-7ffd9b8b1233 0->6 7 7ffd9b8b1248-7ffd9b8b134c call 7ffd9b8b0dd8 * 2 5->7 8 7ffd9b8b1239-7ffd9b8b1244 6->8 9 7ffd9b8b1714-7ffd9b8b1729 6->9 33 7ffd9b8b134e-7ffd9b8b1367 7->33 34 7ffd9b8b1373-7ffd9b8b137d 7->34 8->7 13 7ffd9b8b172b-7ffd9b8b1732 9->13 14 7ffd9b8b1733-7ffd9b8b17df VirtualProtect 9->14 13->14 21 7ffd9b8b17e7-7ffd9b8b180f 14->21 22 7ffd9b8b17e1 14->22 22->21 35 7ffd9b8b1369-7ffd9b8b136b 33->35 36 7ffd9b8b13be-7ffd9b8b13c1 33->36 37 7ffd9b8b145c-7ffd9b8b14a2 34->37 40 7ffd9b8b136d-7ffd9b8b1371 35->40 41 7ffd9b8b1382-7ffd9b8b1383 35->41 38 7ffd9b8b13cc-7ffd9b8b13db 36->38 39 7ffd9b8b13c3-7ffd9b8b13c5 36->39 58 7ffd9b8b1547-7ffd9b8b15a6 37->58 59 7ffd9b8b14a8-7ffd9b8b150b 37->59 45 7ffd9b8b144e-7ffd9b8b1456 38->45 43 7ffd9b8b13c7-7ffd9b8b13ca 39->43 44 7ffd9b8b13dd 39->44 46 7ffd9b8b1386-7ffd9b8b1394 40->46 41->46 47 7ffd9b8b13e0-7ffd9b8b13f8 43->47 44->47 45->37 48 7ffd9b8b1512-7ffd9b8b1524 45->48 50 7ffd9b8b1396-7ffd9b8b1399 46->50 51 7ffd9b8b139b-7ffd9b8b139c 46->51 52 7ffd9b8b1538-7ffd9b8b1542 47->52 53 7ffd9b8b13fe-7ffd9b8b1448 47->53 48->33 55 7ffd9b8b139f-7ffd9b8b13b9 50->55 51->55 52->45 53->45 56 7ffd9b8b1529-7ffd9b8b1533 53->56 55->45 56->53 58->58 60 7ffd9b8b15a8-7ffd9b8b164d 58->60 59->59 61 7ffd9b8b150d 59->61 62 7ffd9b8b1659-7ffd9b8b1677 call 7ffd9b8b0dd8 60->62 63 7ffd9b8b164f 60->63 61->60 66 7ffd9b8b1695-7ffd9b8b1699 62->66 67 7ffd9b8b1679-7ffd9b8b1694 call 7ffd9b8b0de8 62->67 63->62 69 7ffd9b8b16e6-7ffd9b8b1701 66->69 70 7ffd9b8b169b-7ffd9b8b16a3 69->70 71 7ffd9b8b1703-7ffd9b8b1713 69->71 70->9 73 7ffd9b8b16a5-7ffd9b8b16e4 70->73 73->69
                      APIs
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID: @
                      • API String ID: 544645111-2766056989
                      • Opcode ID: ed0782c267b4d63cc8109a7907f9c96f7bbc43c0725518b759a59973a12f6db1
                      • Instruction ID: a3078a36b28dd84fb6df66f9e041c26a2198b19d995975570af1a129cf49e829
                      • Opcode Fuzzy Hash: ed0782c267b4d63cc8109a7907f9c96f7bbc43c0725518b759a59973a12f6db1
                      • Instruction Fuzzy Hash: 9022EF31A28B4A8FD71CDF58C4919B5B7E1FF99300F15427EE09A87692DB34B852CB81
                      Function 00007FFD9B8BB2F9 Relevance: 2.4, Strings: 1, Instructions: 1170COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 115 7ffd9b8bb2f9-7ffd9b8bb333 117 7ffd9b8bb335-7ffd9b8bb340 call 7ffd9b8b0f58 115->117 118 7ffd9b8bb37d 115->118 122 7ffd9b8bb345-7ffd9b8bb375 call 7ffd9b8b2760 117->122 120 7ffd9b8bb38f-7ffd9b8bb394 118->120 121 7ffd9b8bb37f-7ffd9b8bb38b 118->121 123 7ffd9b8bb396-7ffd9b8bb3e6 call 7ffd9b8ba270 120->123 124 7ffd9b8bb3f0-7ffd9b8bb405 120->124 121->120 135 7ffd9b8bb377-7ffd9b8bb37c 122->135 136 7ffd9b8bb3eb 122->136 149 7ffd9b8bbfa0-7ffd9b8bbfae 123->149 129 7ffd9b8bb407-7ffd9b8bb419 call 7ffd9b8b0f68 124->129 130 7ffd9b8bb41e-7ffd9b8bb433 124->130 129->149 139 7ffd9b8bb466-7ffd9b8bb47b 130->139 140 7ffd9b8bb435-7ffd9b8bb461 130->140 135->118 136->124 146 7ffd9b8bb48e-7ffd9b8bb4a3 139->146 147 7ffd9b8bb47d-7ffd9b8bb489 call 7ffd9b8b8c10 139->147 140->149 154 7ffd9b8bb4a5-7ffd9b8bb4a8 146->154 155 7ffd9b8bb4e9-7ffd9b8bb4fe 146->155 147->149 154->136 157 7ffd9b8bb4ae-7ffd9b8bb4b9 154->157 160 7ffd9b8bb500-7ffd9b8bb503 155->160 161 7ffd9b8bb53f-7ffd9b8bb554 155->161 157->136 159 7ffd9b8bb4bf-7ffd9b8bb4e4 call 7ffd9b8b0f40 call 7ffd9b8b8c10 157->159 159->149 160->136 162 7ffd9b8bb509-7ffd9b8bb514 160->162 168 7ffd9b8bb556-7ffd9b8bb559 161->168 169 7ffd9b8bb581-7ffd9b8bb596 161->169 162->136 164 7ffd9b8bb51a-7ffd9b8bb53a call 7ffd9b8b0f40 call 7ffd9b8b2ee8 162->164 164->149 168->136 172 7ffd9b8bb55f-7ffd9b8bb57c call 7ffd9b8b0f40 call 7ffd9b8b2ef0 168->172 178 7ffd9b8bb59c-7ffd9b8bb5fc call 7ffd9b8b0ec8 169->178 179 7ffd9b8bb682-7ffd9b8bb697 169->179 172->149 178->136 218 7ffd9b8bb602-7ffd9b8bb63a call 7ffd9b8b8c20 178->218 187 7ffd9b8bb6b6-7ffd9b8bb6cb 179->187 188 7ffd9b8bb699-7ffd9b8bb69c 179->188 194 7ffd9b8bb6ed-7ffd9b8bb702 187->194 195 7ffd9b8bb6cd-7ffd9b8bb6d0 187->195 188->136 191 7ffd9b8bb6a2-7ffd9b8bb6b1 call 7ffd9b8b2ec8 188->191 191->149 204 7ffd9b8bb704-7ffd9b8bb71d 194->204 205 7ffd9b8bb722-7ffd9b8bb737 194->205 195->136 199 7ffd9b8bb6d6-7ffd9b8bb6e8 call 7ffd9b8b2ec8 195->199 199->149 204->149 209 7ffd9b8bb757-7ffd9b8bb76c 205->209 210 7ffd9b8bb739-7ffd9b8bb752 205->210 215 7ffd9b8bb78c-7ffd9b8bb7a1 209->215 216 7ffd9b8bb76e-7ffd9b8bb787 209->216 210->149 222 7ffd9b8bb7ca-7ffd9b8bb7df 215->222 223 7ffd9b8bb7a3-7ffd9b8bb7a6 215->223 216->149 218->136 235 7ffd9b8bb640-7ffd9b8bb67d call 7ffd9b8b8c30 218->235 227 7ffd9b8bb7e5-7ffd9b8bb85d 222->227 228 7ffd9b8bb87f-7ffd9b8bb894 222->228 223->136 224 7ffd9b8bb7ac-7ffd9b8bb7c5 223->224 224->149 227->136 264 7ffd9b8bb863-7ffd9b8bb87a 227->264 236 7ffd9b8bb896-7ffd9b8bb8a7 228->236 237 7ffd9b8bb8ac-7ffd9b8bb8c1 228->237 235->149 236->149 246 7ffd9b8bb8c7-7ffd9b8bb93f 237->246 247 7ffd9b8bb961-7ffd9b8bb976 237->247 246->136 278 7ffd9b8bb945-7ffd9b8bb95c 246->278 253 7ffd9b8bb978-7ffd9b8bb989 247->253 254 7ffd9b8bb98e-7ffd9b8bb9a3 247->254 253->149 262 7ffd9b8bb9d5-7ffd9b8bb9ea 254->262 263 7ffd9b8bb9a5-7ffd9b8bb9d0 call 7ffd9b8b1a60 call 7ffd9b8ba270 254->263 271 7ffd9b8bbac7-7ffd9b8bbadc 262->271 272 7ffd9b8bb9f0-7ffd9b8bbac2 call 7ffd9b8b1a60 call 7ffd9b8ba270 262->272 263->149 264->149 280 7ffd9b8bbba3-7ffd9b8bbbb8 271->280 281 7ffd9b8bbae2-7ffd9b8bbae5 271->281 272->149 278->149 290 7ffd9b8bbbcc-7ffd9b8bbbe1 280->290 291 7ffd9b8bbbba-7ffd9b8bbbc7 call 7ffd9b8ba270 280->291 283 7ffd9b8bbb98-7ffd9b8bbb9d 281->283 284 7ffd9b8bbaeb-7ffd9b8bbaf6 281->284 294 7ffd9b8bbb9e 283->294 284->283 285 7ffd9b8bbafc-7ffd9b8bbb96 call 7ffd9b8b1a60 call 7ffd9b8ba270 284->285 285->294 299 7ffd9b8bbc58-7ffd9b8bbc6d 290->299 300 7ffd9b8bbbe3-7ffd9b8bbbf4 290->300 291->149 294->149 308 7ffd9b8bbc6f-7ffd9b8bbc72 299->308 309 7ffd9b8bbcad-7ffd9b8bbcc2 299->309 300->136 306 7ffd9b8bbbfa-7ffd9b8bbc02 call 7ffd9b8b0f38 300->306 315 7ffd9b8bbc07-7ffd9b8bbc0a 306->315 308->136 312 7ffd9b8bbc78-7ffd9b8bbca3 call 7ffd9b8b0f30 call 7ffd9b8b0f40 call 7ffd9b8b2ea0 308->312 317 7ffd9b8bbcfe-7ffd9b8bbd13 309->317 318 7ffd9b8bbcc4-7ffd9b8bbcf9 call 7ffd9b8b9f00 call 7ffd9b8b3eb0 call 7ffd9b8b2ea8 309->318 352 7ffd9b8bbca8 312->352 319 7ffd9b8bbc36-7ffd9b8bbc53 call 7ffd9b8b0f38 call 7ffd9b8b0f40 call 7ffd9b8b2ea0 315->319 320 7ffd9b8bbc0c-7ffd9b8bbc31 call 7ffd9b8ba270 315->320 334 7ffd9b8bbd27-7ffd9b8bbd3c 317->334 335 7ffd9b8bbd15-7ffd9b8bbd22 call 7ffd9b8b2eb0 317->335 318->149 319->149 320->149 334->149 355 7ffd9b8bbd42-7ffd9b8bbd49 334->355 335->149 352->149 358 7ffd9b8bbd5c-7ffd9b8bbe76 call 7ffd9b8b8c50 call 7ffd9b8b8c60 call 7ffd9b8b8c70 call 7ffd9b8b8c80 call 7ffd9b8b2be8 call 7ffd9b8b8c90 call 7ffd9b8b8c60 call 7ffd9b8b8c70 355->358 359 7ffd9b8bbd4b-7ffd9b8bbd55 call 7ffd9b8b8c40 355->359 395 7ffd9b8bbe78-7ffd9b8bbe7c 358->395 396 7ffd9b8bbee7-7ffd9b8bbef6 358->396 359->358 397 7ffd9b8bbe7e-7ffd9b8bbedd call 7ffd9b8b8ca0 call 7ffd9b8b8cb0 395->397 398 7ffd9b8bbefd-7ffd9b8bbf9f call 7ffd9b8b1a60 call 7ffd9b8b0f48 call 7ffd9b8ba270 395->398 396->398 397->396 398->149
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      • Opcode ID: 0803e71e6ccbcb560bce6677cb3ffce9933944d2adb4aa6a9e0349257842935e
                      • Instruction ID: ac652ff03439fd8c903356c02dc90d8823c7ff365cc0bf852fdca6e95983416f
                      • Opcode Fuzzy Hash: 0803e71e6ccbcb560bce6677cb3ffce9933944d2adb4aa6a9e0349257842935e
                      • Instruction Fuzzy Hash: 86829320F1D91E4BEBA8EB788465A7976D2EF9C300F514579D01EC32D7DE28E9428B81
                      Function 00007FFD9B8B0F28 Relevance: 2.1, Strings: 1, Instructions: 869COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 424 7ffd9b8b0f28-7ffd9b8b1c4f 432 7ffd9b8b1c58-7ffd9b8b1c5c 424->432 433 7ffd9b8b1c51-7ffd9b8b1c56 424->433 434 7ffd9b8b1c5f-7ffd9b8b1c79 432->434 433->434 436 7ffd9b8b1c7b-7ffd9b8b1cad 434->436 437 7ffd9b8b1cb3-7ffd9b8b1cf9 434->437 444 7ffd9b8b1cfa-7ffd9b8b1d40 436->444 445 7ffd9b8b1caf-7ffd9b8b1cb1 436->445 450 7ffd9b8b1d46-7ffd9b8b1e75 call 7ffd9b8b0e50 * 8 call 7ffd9b8b0f60 444->450 451 7ffd9b8b248a-7ffd9b8b24d1 444->451 445->436 445->437 492 7ffd9b8b1e77 450->492 493 7ffd9b8b1e7e-7ffd9b8b1eea call 7ffd9b8b0368 call 7ffd9b8b0378 450->493 492->493 503 7ffd9b8b1eec-7ffd9b8b1ef6 493->503 504 7ffd9b8b1efd-7ffd9b8b1f0d 493->504 503->504 507 7ffd9b8b1f35-7ffd9b8b1f55 504->507 508 7ffd9b8b1f0f-7ffd9b8b1f2e call 7ffd9b8b0368 504->508 514 7ffd9b8b1f57-7ffd9b8b1f61 call 7ffd9b8b0388 507->514 515 7ffd9b8b1f66-7ffd9b8b1fca call 7ffd9b8b10a0 507->515 508->507 514->515 525 7ffd9b8b206a-7ffd9b8b20f8 515->525 526 7ffd9b8b1fd0-7ffd9b8b2065 515->526 546 7ffd9b8b20ff-7ffd9b8b21d4 call 7ffd9b8b1118 525->546 526->546 560 7ffd9b8b21d6-7ffd9b8b2209 546->560 561 7ffd9b8b2222-7ffd9b8b2255 546->561 560->561 568 7ffd9b8b220b-7ffd9b8b2218 560->568 572 7ffd9b8b2257-7ffd9b8b2278 561->572 573 7ffd9b8b227a-7ffd9b8b22aa 561->573 568->561 571 7ffd9b8b221a-7ffd9b8b2220 568->571 571->561 575 7ffd9b8b22b2-7ffd9b8b22e9 572->575 573->575 581 7ffd9b8b22eb-7ffd9b8b230c 575->581 582 7ffd9b8b230e-7ffd9b8b233e 575->582 583 7ffd9b8b2346-7ffd9b8b246a call 7ffd9b8b0398 call 7ffd9b8b0f00 581->583 582->583 604 7ffd9b8b2471-7ffd9b8b2489 583->604
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: 3AL_^
                      • API String ID: 0-1122132868
                      • Opcode ID: f7ff7e4a1845a87ef4884e828404fff337b2b0e0afe7f10642e38da66a3ffbbe
                      • Instruction ID: 2bbb1e78390a2fc050306b23efaafbed66b14b1b82825ad869f028cb5746b4b4
                      • Opcode Fuzzy Hash: f7ff7e4a1845a87ef4884e828404fff337b2b0e0afe7f10642e38da66a3ffbbe
                      • Instruction Fuzzy Hash: F542FB61B29A1D4BE758FB7C5865AB9BBD2FF9C300F444579E01EC32D6DE28A8018781
                      Function 00007FFD9B8B11C8 Relevance: 1.6, Strings: 1, Instructions: 385COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 606 7ffd9b8b11c8-7ffd9b8b11d9 608 7ffd9b8b11db-7ffd9b8b122d 606->608 609 7ffd9b8b116e-7ffd9b8b117a 606->609 623 7ffd9b8b1246 608->623 624 7ffd9b8b122f-7ffd9b8b1233 608->624 613 7ffd9b8b1105-7ffd9b8bb2bb 609->613 614 7ffd9b8b117c-7ffd9b8b1187 609->614 620 7ffd9b8bb2c3-7ffd9b8bb2c9 613->620 621 7ffd9b8bb2be call 7ffd9b8b2e98 613->621 621->620 625 7ffd9b8b1248-7ffd9b8b1311 call 7ffd9b8b0dd8 623->625 626 7ffd9b8b1239-7ffd9b8b1244 624->626 627 7ffd9b8b1714-7ffd9b8b1729 624->627 646 7ffd9b8b1316-7ffd9b8b134c call 7ffd9b8b0dd8 625->646 626->625 631 7ffd9b8b172b-7ffd9b8b1732 627->631 632 7ffd9b8b1733-7ffd9b8b17df VirtualProtect 627->632 631->632 639 7ffd9b8b17e7-7ffd9b8b180f 632->639 640 7ffd9b8b17e1 632->640 640->639 651 7ffd9b8b134e-7ffd9b8b1367 646->651 652 7ffd9b8b1373-7ffd9b8b137d 646->652 653 7ffd9b8b1369-7ffd9b8b136b 651->653 654 7ffd9b8b13be-7ffd9b8b13c1 651->654 655 7ffd9b8b145c-7ffd9b8b14a2 652->655 658 7ffd9b8b136d-7ffd9b8b1371 653->658 659 7ffd9b8b1382-7ffd9b8b1383 653->659 656 7ffd9b8b13cc-7ffd9b8b13db 654->656 657 7ffd9b8b13c3-7ffd9b8b13c5 654->657 676 7ffd9b8b1547-7ffd9b8b15a6 655->676 677 7ffd9b8b14a8-7ffd9b8b150b 655->677 663 7ffd9b8b144e-7ffd9b8b1456 656->663 661 7ffd9b8b13c7-7ffd9b8b13ca 657->661 662 7ffd9b8b13dd 657->662 664 7ffd9b8b1386-7ffd9b8b1394 658->664 659->664 665 7ffd9b8b13e0-7ffd9b8b13f8 661->665 662->665 663->655 666 7ffd9b8b1512-7ffd9b8b1524 663->666 668 7ffd9b8b1396-7ffd9b8b1399 664->668 669 7ffd9b8b139b-7ffd9b8b139c 664->669 670 7ffd9b8b1538-7ffd9b8b1542 665->670 671 7ffd9b8b13fe-7ffd9b8b1448 665->671 666->651 673 7ffd9b8b139f-7ffd9b8b13b9 668->673 669->673 670->663 671->663 674 7ffd9b8b1529-7ffd9b8b1533 671->674 673->663 674->671 676->676 678 7ffd9b8b15a8-7ffd9b8b164d 676->678 677->677 679 7ffd9b8b150d 677->679 680 7ffd9b8b1659-7ffd9b8b1677 call 7ffd9b8b0dd8 678->680 681 7ffd9b8b164f 678->681 679->678 684 7ffd9b8b1695-7ffd9b8b1699 680->684 685 7ffd9b8b1679-7ffd9b8b1694 call 7ffd9b8b0de8 680->685 681->680 687 7ffd9b8b16e6-7ffd9b8b1701 684->687 688 7ffd9b8b169b-7ffd9b8b16a3 687->688 689 7ffd9b8b1703-7ffd9b8b1713 687->689 688->627 691 7ffd9b8b16a5-7ffd9b8b16e4 688->691 691->687
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: 9768b6116d1e8c292ff4c6cea10a4a0468151b0e1d09f71575cc26da15ff2c4a
                      • Instruction ID: d335d4f3ffcdd8d7a0da18cdbc016aecb54aa59157294cca9b190bfe31e5fe77
                      • Opcode Fuzzy Hash: 9768b6116d1e8c292ff4c6cea10a4a0468151b0e1d09f71575cc26da15ff2c4a
                      • Instruction Fuzzy Hash: 08D1C071A19B4A8FD35CDF68C4A1975B7E0FF58300F45027ED09A8B6A2DB34B951CB81
                      Function 00007FFD9B8BD015 Relevance: 1.5, Instructions: 1478COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 764 7ffd9b8bd015-7ffd9b8bd08c 774 7ffd9b8bd0ae-7ffd9b8bd3d5 764->774 775 7ffd9b8bd08e-7ffd9b8bd0ac 764->775 782 7ffd9b8bd3db-7ffd9b8bd405 774->782 783 7ffd9b8bde4d-7ffd9b8bde5b 774->783 775->774 786 7ffd9b8bd707-7ffd9b8bd70a 782->786 787 7ffd9b8bd40b-7ffd9b8bd426 782->787 788 7ffd9b8bde47-7ffd9b8bde4c 786->788 789 7ffd9b8bd710-7ffd9b8bd713 786->789 787->786 793 7ffd9b8bd42c-7ffd9b8bd485 787->793 788->783 789->782 790 7ffd9b8bd719 789->790 790->783 797 7ffd9b8bd48b-7ffd9b8bd4dc 793->797 798 7ffd9b8bd71e-7ffd9b8bd7f0 call 7ffd9b8b1a60 793->798 806 7ffd9b8bd7fc-7ffd9b8bd843 call 7ffd9b8b1a60 797->806 807 7ffd9b8bd4e2-7ffd9b8bd533 797->807 855 7ffd9b8bd7f7 798->855 827 7ffd9b8bd656 806->827 828 7ffd9b8bd849-7ffd9b8bd850 806->828 816 7ffd9b8bd9a5-7ffd9b8bd9e5 807->816 817 7ffd9b8bd539-7ffd9b8bd58a 807->817 816->827 842 7ffd9b8bd9eb-7ffd9b8bda4f 816->842 838 7ffd9b8bda6b-7ffd9b8bda77 817->838 839 7ffd9b8bd590-7ffd9b8bd5e1 817->839 835 7ffd9b8bd65b-7ffd9b8bd661 827->835 831 7ffd9b8bd856-7ffd9b8bd87d 828->831 832 7ffd9b8bd852-7ffd9b8bd854 828->832 833 7ffd9b8bd87f-7ffd9b8bd8f0 831->833 832->833 833->827 907 7ffd9b8bd8f6-7ffd9b8bd8fd 833->907 848 7ffd9b8bd664-7ffd9b8bd667 835->848 838->827 844 7ffd9b8bda7d-7ffd9b8bda8d 838->844 867 7ffd9b8bd5e7-7ffd9b8bd638 839->867 868 7ffd9b8bdb5e-7ffd9b8bdb9e 839->868 891 7ffd9b8bda5e-7ffd9b8bda66 call 7ffd9b8b2ea8 842->891 892 7ffd9b8bda51-7ffd9b8bda59 call 7ffd9b8b2eb0 842->892 844->783 859 7ffd9b8bda93-7ffd9b8bdad3 844->859 851 7ffd9b8bd66d-7ffd9b8bdc4f 848->851 852 7ffd9b8bd6f3-7ffd9b8bd6f7 848->852 851->783 860 7ffd9b8bdc55-7ffd9b8bdcb1 call 7ffd9b8b1a60 851->860 852->788 857 7ffd9b8bd6fd-7ffd9b8bd701 852->857 855->783 857->786 857->793 859->827 886 7ffd9b8bdad9-7ffd9b8bdaf3 859->886 860->827 918 7ffd9b8bdcb7-7ffd9b8bdce4 call 7ffd9b8bcb80 860->918 889 7ffd9b8bd63a-7ffd9b8bd646 867->889 890 7ffd9b8bd672-7ffd9b8bd6c3 867->890 868->827 901 7ffd9b8bdba4-7ffd9b8bdbab 868->901 886->827 905 7ffd9b8bdaf9-7ffd9b8bdb59 call 7ffd9b8bcb80 886->905 889->827 895 7ffd9b8bd648-7ffd9b8bd64f 889->895 890->852 924 7ffd9b8bd6c5-7ffd9b8bd6d1 890->924 891->783 892->783 895->835 903 7ffd9b8bd651-7ffd9b8bd654 895->903 908 7ffd9b8bdbad-7ffd9b8bdbb0 901->908 909 7ffd9b8bdbb2-7ffd9b8bdbda 901->909 903->848 905->783 910 7ffd9b8bd8ff-7ffd9b8bd902 907->910 911 7ffd9b8bd904-7ffd9b8bd92c 907->911 913 7ffd9b8bdbdc-7ffd9b8bdc43 call 7ffd9b8b2eb0 908->913 909->913 917 7ffd9b8bd92e-7ffd9b8bd9a0 call 7ffd9b8ba270 910->917 911->917 913->783 917->783 918->827 949 7ffd9b8bdcea-7ffd9b8bdd07 918->949 924->827 929 7ffd9b8bd6d3-7ffd9b8bd6da 924->929 935 7ffd9b8bd6dc-7ffd9b8bd6df 929->935 936 7ffd9b8bd6e1-7ffd9b8bd6e7 929->936 940 7ffd9b8bd6ea-7ffd9b8bd6ed 935->940 936->940 940->852 945 7ffd9b8bdd97-7ffd9b8bdd9e 940->945 945->783 950 7ffd9b8bdda4-7ffd9b8bde45 call 7ffd9b8b1a60 call 7ffd9b8b2ea8 945->950 949->827 958 7ffd9b8bdd0d-7ffd9b8bdd2a 949->958 950->783 958->827 966 7ffd9b8bdd30-7ffd9b8bdd92 call 7ffd9b8b2ea8 958->966 966->783
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aafd7b3b6d0daee3480a0f228074f1aa6b4ea0a2bcbfdebf9a277e96279a8ab0
                      • Instruction ID: 33fa51736bd70ac95a3ed501ece68e657d85f75666a490421a77e95df7e90af1
                      • Opcode Fuzzy Hash: aafd7b3b6d0daee3480a0f228074f1aa6b4ea0a2bcbfdebf9a277e96279a8ab0
                      • Instruction Fuzzy Hash: 1972F920B1DA198FF758AB789869678B7D2FF9C300F15457EE41DC32D6DE24A8418BC2
                      Function 00007FFD9B8BC8F0 Relevance: .6, Instructions: 624COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 97ca93de3b5b834bcb7e0c07147d68f427e4c51c8ad2c1b0eb01e8c39a9a3234
                      • Instruction ID: fceb4d56c7a6c728904dcb7d02ea89b54f5d3fc05d27a7d7c14d43feb655c5d1
                      • Opcode Fuzzy Hash: 97ca93de3b5b834bcb7e0c07147d68f427e4c51c8ad2c1b0eb01e8c39a9a3234
                      • Instruction Fuzzy Hash: 6C321D70E1951D8BDB69EB64C4A5BF9B3B1FF09304F1145BAD01EA3296CE35AA81CF40
                      Function 00007FFD9B8BC8B0 Relevance: .6, Instructions: 563COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 93042f5e93ca0437f8c75e894d2e245f913f22ce599d2271c25bc3c9663efe43
                      • Instruction ID: 678084fba87bf246cae5497249702d79de5b32ab664798a926d85eac98877100
                      • Opcode Fuzzy Hash: 93042f5e93ca0437f8c75e894d2e245f913f22ce599d2271c25bc3c9663efe43
                      • Instruction Fuzzy Hash: C1122171E0991D8FEBA8DB68C8A4BB877E1FF58310F1105B9D05ED32A5DA34A981CF41
                      Function 00007FFD9B8B7B1A Relevance: .4, Instructions: 449COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e7a81ab291a624fd8aa3a5e09ce0e2648e4d694b10e81499427680c2d60d3999
                      • Instruction ID: 79f6f79868563f8f5af01404d98de6fa08103673529b4f62890c6a4d23ebe0b1
                      • Opcode Fuzzy Hash: e7a81ab291a624fd8aa3a5e09ce0e2648e4d694b10e81499427680c2d60d3999
                      • Instruction Fuzzy Hash: 98E19430A09A4D8FEBA8DF28D865BF937D1FF58310F14426EE84DC7295DB34A9458B81
                      Function 00007FFD9B8B8C55 Relevance: .4, Instructions: 434COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: acae1377befead6744da5a0bc24a0c9d1e2913f0da2ddf8b6f0785dff02af765
                      • Instruction ID: 78b2e8eab12ce434ec29cf33710f0208ab7ec53f2447274eeee256e91e90edd5
                      • Opcode Fuzzy Hash: acae1377befead6744da5a0bc24a0c9d1e2913f0da2ddf8b6f0785dff02af765
                      • Instruction Fuzzy Hash: 12E19230A09A4D8FEBA8DF68C8657E977D1FF58310F14426AE80DC76A5DF34A9418BC1
                      Function 00007FFD9B8BE20D Relevance: .2, Instructions: 188COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8878c72f9c6a94edb7ea1bad82dd129c9e4367f00f89d686ef31511f89ad786a
                      • Instruction ID: 72e2d1e447c85f5e2a03689b9d010c546430e11cd66a8d2faf969326b7713254
                      • Opcode Fuzzy Hash: 8878c72f9c6a94edb7ea1bad82dd129c9e4367f00f89d686ef31511f89ad786a
                      • Instruction Fuzzy Hash: 3551DE70E1951D8FDB98EFA8C4A5AACBBF1FF59301F111569D01EE72A2CA34A941CF40
                      Function 00007FFD9B8B0DE2 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 692 7ffd9b8b0de2-7ffd9b8b17df VirtualProtect 696 7ffd9b8b17e7-7ffd9b8b180f 692->696 697 7ffd9b8b17e1 692->697 697->696
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: bb2412e0f129fabd5c71594ee724acd6210095a61870afb2ee45add3208cd2e5
                      • Instruction ID: 2d2e4f5c04aeda76a734826a5d4f64ba6f1b267ab460125b36665340bd401b81
                      • Opcode Fuzzy Hash: bb2412e0f129fabd5c71594ee724acd6210095a61870afb2ee45add3208cd2e5
                      • Instruction Fuzzy Hash: 4831E830A0CA1C8FDB1CEF99D845AF977E5EB59321F00422FD04AD3291CB706852CB85
                      Function 00007FFD9B8B1814 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 698 7ffd9b8b1814-7ffd9b8b181b 699 7ffd9b8b1826-7ffd9b8b1839 698->699 700 7ffd9b8b181d-7ffd9b8b1825 698->700 701 7ffd9b8b183b-7ffd9b8b18f2 699->701 702 7ffd9b8b17ce-7ffd9b8b17df VirtualProtect 699->702 700->699 703 7ffd9b8b17e7-7ffd9b8b180f 702->703 704 7ffd9b8b17e1 702->704 704->703
                      Memory Dump Source
                      • Source File: 00000000.00000002.3236701555.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7ffd9b8b0000_file.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0c17092ab7d69e2a0f6137cf1c8b28da930b94f03faa91a11b378af2557817ba
                      • Instruction ID: c94c4497ea72ac0b163f1763b3646553336ff994fda3a42dc0ac4b208ec2dd4f
                      • Opcode Fuzzy Hash: 0c17092ab7d69e2a0f6137cf1c8b28da930b94f03faa91a11b378af2557817ba
                      • Instruction Fuzzy Hash: 01310A31B4D50E4FD31CAB6CA4655E8BFA1FB95311B8041A5E05A837CBEE74A412C7D2

                      Execution Graph

                      Execution Coverage:13.8%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:8
                      Total number of Limit Nodes:1
                      execution_graph 1332 7ffd9b890de2 1333 7ffd9b891740 VirtualProtect 1332->1333 1335 7ffd9b8917e1 1333->1335 1327 7ffd9b891814 1328 7ffd9b89181d 1327->1328 1329 7ffd9b8917cc VirtualProtect 1328->1329 1331 7ffd9b89183b 1328->1331 1330 7ffd9b8917e1 1329->1330

                      Callgraph

                      • Executed
                      • Not Executed
                      • Opacity -> Relevance
                      • Disassembly available
                      callgraph 0 Function_007656F6 1 Function_00763BF4 2 Function_00007FFD9B890CF7 3 Function_00007FFD9B8918F9 56 Function_00007FFD9B890F20 3->56 4 Function_00007FFD9B890E7A 5 Function_00007FFD9B8908FA 6 Function_00007FFD9B890DF2 7 Function_00007FFD9B8910F2 11 Function_00007FFD9B890DE8 7->11 59 Function_00007FFD9B890DD8 7->59 8 Function_00763BF8 9 Function_00763C64 10 Function_00007FFD9B890368 21 Function_00007FFD9B890F18 11->21 25 Function_00007FFD9B890F10 11->25 12 Function_00007FFD9B891B6A 13 Function_00007FFD9B890E6A 14 Function_007656EE 15 Function_00007FFD9B890F60 16 Function_00007FFD9B890EE0 17 Function_00007FFD9B890DE2 18 Function_00763C57 19 Function_00007FFD9B890398 20 Function_00007FFD9B891118 20->11 20->59 22 Function_007646D3 23 Function_00007FFD9B890E9A 24 Function_00007FFD9B89250D 26 Function_00007FFD9B890392 27 Function_00764558 28 Function_00007FFD9B891814 29 Function_00007FFD9B892785 30 Function_00007FFD9B892585 30->21 30->25 31 Function_00007FFD9B890208 32 Function_00007FFD9B890E8A 33 Function_00007FFD9B890F8B 34 Function_007656C1 35 Function_00007FFD9B89000C 36 Function_007656CE 37 Function_00007FFD9B8926FE 38 Function_00007FFD9B890D80 41 Function_00007FFD9B890BB8 38->41 39 Function_00007FFD9B890F00 40 Function_00007FFD9B891038 42 Function_00764BB0 43 Function_00007FFD9B89012D 44 Function_00007FFD9B8900AD 45 Function_00007FFD9B890FAD 46 Function_00007FFD9B891BAE 46->10 46->15 46->19 46->20 46->39 54 Function_00007FFD9B8910A0 46->54 63 Function_00007FFD9B890E50 46->63 47 Function_00007FFD9B890DB0 48 Function_00007FFD9B890D31 49 Function_007657A4 50 Function_00007FFD9B890F28 51 Function_007656A3 52 Function_00007FFD9B890EAA 53 Function_00007FFD9B890F1D 54->11 54->59 55 Function_00007FFD9B890D20 57 Function_00763428 58 Function_00007FFD9B890924 59->21 59->25 60 Function_00007FFD9B890E5C 61 Function_00007FFD9B89014D 62 Function_00763B1F 63->21 63->25 64 Function_00007FFD9B8906D0 65 Function_00007FFD9B8924D2 66 Function_00007FFD9B8910D3 67 Function_00763B99 68 Function_00007FFD9B892745 69 Function_00007FFD9B890E48 70 Function_00007FFD9B892548 71 Function_00007FFD9B890EC9 72 Function_00007FFD9B8908CA 73 Function_0076390F 74 Function_00007FFD9B891A41 74->31 74->50

                      Executed Functions

                      Function 00007FFD9B890DE2 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 230 7ffd9b890de2-7ffd9b8917df VirtualProtect 235 7ffd9b8917e7-7ffd9b89180f 230->235 236 7ffd9b8917e1 230->236 236->235
                      APIs
                      Memory Dump Source
                      • Source File: 00000003.00000002.1685340024.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffd9b890000_github.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: a60ff1215a20864aaabaae0d865bfd73a192cc019f3bea0550f9ecc41948ad65
                      • Instruction ID: 045f63715b4bdba7c5bf3fa0c3f33ad4dad4ee28622d1648fc6615d6dae2f167
                      • Opcode Fuzzy Hash: a60ff1215a20864aaabaae0d865bfd73a192cc019f3bea0550f9ecc41948ad65
                      • Instruction Fuzzy Hash: 6031C830A0CA1C9FDB1CEF99D8496F9BBE5EB59321F00422FD04AD3291CB706856CB95
                      Function 00007FFD9B891814 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 237 7ffd9b891814-7ffd9b89181b 238 7ffd9b891826-7ffd9b891839 237->238 239 7ffd9b89181d-7ffd9b891825 237->239 240 7ffd9b89183b-7ffd9b8918f2 238->240 241 7ffd9b8917cc-7ffd9b8917df VirtualProtect 238->241 239->238 242 7ffd9b8917e7-7ffd9b89180f 241->242 243 7ffd9b8917e1 241->243 243->242
                      Memory Dump Source
                      • Source File: 00000003.00000002.1685340024.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_3_2_7ffd9b890000_github.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d2ba5cac53117a5df6e724e3b651f5fb204cd27e7599a03a2bd9241805c186da
                      • Instruction ID: eb88e9cd67ab9d320d0304707c2cc7027b70f7371bdd51857520742814a5271d
                      • Opcode Fuzzy Hash: d2ba5cac53117a5df6e724e3b651f5fb204cd27e7599a03a2bd9241805c186da
                      • Instruction Fuzzy Hash: FD312C3574C60A5FD74CE768A8626A9BFA1EF49310F8041ADD45CC37CBDF7864068762

                      Execution Graph

                      Execution Coverage:14.1%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:8
                      Total number of Limit Nodes:1
                      execution_graph 1313 7ffd9b890de2 1314 7ffd9b891740 VirtualProtect 1313->1314 1316 7ffd9b8917e1 1314->1316 1308 7ffd9b891814 1309 7ffd9b89181d 1308->1309 1310 7ffd9b8917cc VirtualProtect 1309->1310 1312 7ffd9b89183b 1309->1312 1311 7ffd9b8917e1 1310->1311

                      Callgraph

                      • Executed
                      • Not Executed
                      • Opacity -> Relevance
                      • Disassembly available
                      callgraph 0 Function_00007FFD9B890CF7 1 Function_00007FFD9B8918F9 43 Function_00007FFD9B890F20 1->43 2 Function_00007FFD9B890E7A 3 Function_00007FFD9B8908FA 4 Function_00007FFD9B890DF2 5 Function_00007FFD9B8910F2 7 Function_00007FFD9B890DE8 5->7 45 Function_00007FFD9B890DD8 5->45 6 Function_00007FFD9B890368 15 Function_00007FFD9B890F18 7->15 18 Function_00007FFD9B890F10 7->18 8 Function_00007FFD9B891B6A 9 Function_00007FFD9B890E6A 10 Function_00007FFD9B890F60 11 Function_00007FFD9B890EE0 12 Function_00007FFD9B890DE2 13 Function_00007FFD9B890398 14 Function_00007FFD9B891118 14->7 14->45 16 Function_00007FFD9B890E9A 17 Function_00007FFD9B89250D 19 Function_00007FFD9B890392 20 Function_00007FFD9B891814 21 Function_00007FFD9B892785 22 Function_00007FFD9B892585 22->15 22->18 23 Function_00007FFD9B890208 24 Function_00007FFD9B890E8A 25 Function_00007FFD9B890F8B 26 Function_00007FFD9B89000C 27 Function_00007FFD9B8926FE 28 Function_00007FFD9B890D80 31 Function_00007FFD9B890BB8 28->31 29 Function_00007FFD9B890F00 30 Function_00007FFD9B891038 32 Function_00007FFD9B89012D 33 Function_00007FFD9B8900AD 34 Function_00007FFD9B890FAD 35 Function_00007FFD9B891BAE 35->6 35->10 35->13 35->14 35->29 41 Function_00007FFD9B8910A0 35->41 48 Function_00007FFD9B890E50 35->48 36 Function_00007FFD9B890DB0 37 Function_00007FFD9B890D31 38 Function_00007FFD9B890F28 39 Function_00007FFD9B890EAA 40 Function_00007FFD9B890F1D 41->7 41->45 42 Function_00007FFD9B890D20 44 Function_00007FFD9B890924 45->15 45->18 46 Function_00007FFD9B890E5C 47 Function_00007FFD9B89014D 48->15 48->18 49 Function_00007FFD9B8906D0 50 Function_00007FFD9B8924D2 51 Function_00007FFD9B8910D3 52 Function_00007FFD9B892745 53 Function_00007FFD9B890E48 54 Function_00007FFD9B892548 55 Function_00007FFD9B890EC9 56 Function_00007FFD9B8908CA 57 Function_00007FFD9B891A41 57->23 57->38

                      Executed Functions

                      Function 00007FFD9B890DE2 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 230 7ffd9b890de2-7ffd9b8917df VirtualProtect 235 7ffd9b8917e7-7ffd9b89180f 230->235 236 7ffd9b8917e1 230->236 236->235
                      APIs
                      Memory Dump Source
                      • Source File: 00000004.00000002.1740013453.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_7ffd9b890000_github.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: a60ff1215a20864aaabaae0d865bfd73a192cc019f3bea0550f9ecc41948ad65
                      • Instruction ID: 045f63715b4bdba7c5bf3fa0c3f33ad4dad4ee28622d1648fc6615d6dae2f167
                      • Opcode Fuzzy Hash: a60ff1215a20864aaabaae0d865bfd73a192cc019f3bea0550f9ecc41948ad65
                      • Instruction Fuzzy Hash: 6031C830A0CA1C9FDB1CEF99D8496F9BBE5EB59321F00422FD04AD3291CB706856CB95
                      Function 00007FFD9B891814 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 237 7ffd9b891814-7ffd9b89181b 238 7ffd9b891826-7ffd9b891839 237->238 239 7ffd9b89181d-7ffd9b891825 237->239 240 7ffd9b89183b-7ffd9b8918f2 238->240 241 7ffd9b8917cc-7ffd9b8917df VirtualProtect 238->241 239->238 242 7ffd9b8917e7-7ffd9b89180f 241->242 243 7ffd9b8917e1 241->243 243->242
                      Memory Dump Source
                      • Source File: 00000004.00000002.1740013453.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_7ffd9b890000_github.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 831ecc45174d7068e4292fd2e757da84f102311ce3280ca77c030a79a32e2252
                      • Instruction ID: 251b782a21adbb0a3c7e08d2783d9a0baa2900a98502c65b6fc46099876d3bc8
                      • Opcode Fuzzy Hash: 831ecc45174d7068e4292fd2e757da84f102311ce3280ca77c030a79a32e2252
                      • Instruction Fuzzy Hash: 9631EA3174D64A5FE30CAB58E462AB4BFA1EF45350F8042A9D45CC37CBDA38A5068752

                      Execution Graph

                      Execution Coverage:14%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:8
                      Total number of Limit Nodes:1
                      execution_graph 1323 7ffd9b8a0de2 1324 7ffd9b8a1740 VirtualProtect 1323->1324 1326 7ffd9b8a17e1 1324->1326 1318 7ffd9b8a1814 1319 7ffd9b8a181d 1318->1319 1320 7ffd9b8a17cd VirtualProtect 1319->1320 1322 7ffd9b8a183b 1319->1322 1321 7ffd9b8a17e1 1320->1321

                      Callgraph

                      • Executed
                      • Not Executed
                      • Opacity -> Relevance
                      • Disassembly available
                      callgraph 0 Function_00007FFD9B8A0CF7 1 Function_00007FFD9B8A0E7A 2 Function_00007FFD9B8A08FA 3 Function_00007FFD9B8A18F9 44 Function_00007FFD9B8A0F20 3->44 4 Function_00007FFD9B8A0DF2 5 Function_00007FFD9B8A10F2 7 Function_00007FFD9B8A0DE8 5->7 46 Function_00007FFD9B8A0DD8 5->46 6 Function_00007FFD9B8A0368 13 Function_00007FFD9B8A0F18 7->13 18 Function_00007FFD9B8A0F10 7->18 8 Function_00007FFD9B8A1B6A 9 Function_00007FFD9B8A0E6A 10 Function_00007FFD9B8A0F60 11 Function_00007FFD9B8A0EE0 12 Function_00007FFD9B8A0DE2 14 Function_00007FFD9B8A1118 14->7 14->46 15 Function_00007FFD9B8A0398 16 Function_00007FFD9B8A0E9A 17 Function_00007FFD9B8A250D 19 Function_00007FFD9B8A0392 20 Function_00007FFD9B8A1814 21 Function_00007FFD9B8A2785 22 Function_00007FFD9B8A2585 22->13 22->18 23 Function_00007FFD9B8A0208 24 Function_00007FFD9B8A000A 25 Function_00007FFD9B8A0E8A 26 Function_00007FFD9B8A0F8B 27 Function_00007FFD9B8A26FE 28 Function_00007FFD9B8A0D80 31 Function_00007FFD9B8A0BB8 28->31 29 Function_00007FFD9B8A0F00 30 Function_00007FFD9B8A1038 32 Function_00007FFD9B8A1BAE 32->6 32->10 32->14 32->15 32->29 43 Function_00007FFD9B8A10A0 32->43 49 Function_00007FFD9B8A0E50 32->49 33 Function_00007FFD9B8A012D 34 Function_00007FFD9B8A00AD 35 Function_00007FFD9B8A0FAD 36 Function_00007FFD9B8A0DB0 37 Function_00007FFD9B8A0D31 38 Function_00007FFD9B8A0F28 39 Function_00007FFD9B8A0EAA 40 Function_00007FFD9B8A019D 41 Function_00007FFD9B8A0F1D 42 Function_00007FFD9B8A0D20 43->7 43->46 45 Function_00007FFD9B8A0924 46->13 46->18 47 Function_00007FFD9B8A0E5C 48 Function_00007FFD9B8A014D 49->13 49->18 50 Function_00007FFD9B8A06D0 51 Function_00007FFD9B8A24D2 52 Function_00007FFD9B8A10D3 53 Function_00007FFD9B8A2745 54 Function_00007FFD9B8A0E48 55 Function_00007FFD9B8A2548 56 Function_00007FFD9B8A08CA 57 Function_00007FFD9B8A0EC9 58 Function_00007FFD9B8A1A41 58->23 58->38

                      Executed Functions

                      Function 00007FFD9B8A0DE2 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 230 7ffd9b8a0de2-7ffd9b8a17df VirtualProtect 235 7ffd9b8a17e7-7ffd9b8a180f 230->235 236 7ffd9b8a17e1 230->236 236->235
                      APIs
                      Memory Dump Source
                      • Source File: 00000008.00000002.2331150117.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_7ffd9b8a0000_github.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: d0d015a1a3ffc42edd828b877279f612afb778c277c03b0002b3c41482d71060
                      • Instruction ID: 8a254119301cbb674f62d85fed2d32308b5e796cdc21c5965cdf4e6b4e0092af
                      • Opcode Fuzzy Hash: d0d015a1a3ffc42edd828b877279f612afb778c277c03b0002b3c41482d71060
                      • Instruction Fuzzy Hash: 7D31C830A0CA1C8FDB1CEF99D8456F977E5EB59321F10422FD04AD3291DB706856CB95
                      Function 00007FFD9B8A1814 Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 237 7ffd9b8a1814-7ffd9b8a181b 238 7ffd9b8a1826-7ffd9b8a1839 237->238 239 7ffd9b8a181d-7ffd9b8a1825 237->239 240 7ffd9b8a183b-7ffd9b8a18f2 238->240 241 7ffd9b8a17cd-7ffd9b8a17df VirtualProtect 238->241 239->238 242 7ffd9b8a17e7-7ffd9b8a180f 241->242 243 7ffd9b8a17e1 241->243 243->242
                      Memory Dump Source
                      • Source File: 00000008.00000002.2331150117.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_7ffd9b8a0000_github.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7f15611bd5201b378f949523523371d83bf06163959422b658456b16874de457
                      • Instruction ID: 005d57436d79199b8d26a769e58261abe3070f3ee1e76ed201be89270fa8f535
                      • Opcode Fuzzy Hash: 7f15611bd5201b378f949523523371d83bf06163959422b658456b16874de457
                      • Instruction Fuzzy Hash: 5831CA7174D64A8FD70CEB78E461AB4BFA1EF45350F8041A5D059837CAEF386452C7A2

                      Execution Graph

                      Execution Coverage:14%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:8
                      Total number of Limit Nodes:1
                      execution_graph 1314 7ffd9b890de2 1315 7ffd9b891740 VirtualProtect 1314->1315 1317 7ffd9b8917e1 1315->1317 1309 7ffd9b891814 1310 7ffd9b89181d 1309->1310 1311 7ffd9b8917cc VirtualProtect 1310->1311 1313 7ffd9b89183b 1310->1313 1312 7ffd9b8917e1 1311->1312

                      Callgraph

                      • Executed
                      • Not Executed
                      • Opacity -> Relevance
                      • Disassembly available
                      callgraph 0 Function_00007FFD9B890CF7 1 Function_00007FFD9B8918F9 43 Function_00007FFD9B890F20 1->43 2 Function_00007FFD9B890E7A 3 Function_00007FFD9B8908FA 4 Function_00007FFD9B890DF2 5 Function_00007FFD9B8910F2 7 Function_00007FFD9B890DE8 5->7 45 Function_00007FFD9B890DD8 5->45 6 Function_00007FFD9B890368 15 Function_00007FFD9B890F18 7->15 18 Function_00007FFD9B890F10 7->18 8 Function_00007FFD9B891B6A 9 Function_00007FFD9B890E6A 10 Function_00007FFD9B890F60 11 Function_00007FFD9B890EE0 12 Function_00007FFD9B890DE2 13 Function_00007FFD9B890398 14 Function_00007FFD9B891118 14->7 14->45 16 Function_00007FFD9B890E9A 17 Function_00007FFD9B89250D 19 Function_00007FFD9B890392 20 Function_00007FFD9B891814 21 Function_00007FFD9B892785 22 Function_00007FFD9B892585 22->15 22->18 23 Function_00007FFD9B890208 24 Function_00007FFD9B890E8A 25 Function_00007FFD9B890F8B 26 Function_00007FFD9B89000C 27 Function_00007FFD9B8926FE 28 Function_00007FFD9B890D80 31 Function_00007FFD9B890BB8 28->31 29 Function_00007FFD9B890F00 30 Function_00007FFD9B891038 32 Function_00007FFD9B89012D 33 Function_00007FFD9B8900AD 34 Function_00007FFD9B890FAD 35 Function_00007FFD9B891BAE 35->6 35->10 35->13 35->14 35->29 41 Function_00007FFD9B8910A0 35->41 48 Function_00007FFD9B890E50 35->48 36 Function_00007FFD9B890DB0 37 Function_00007FFD9B890D31 38 Function_00007FFD9B890F28 39 Function_00007FFD9B890EAA 40 Function_00007FFD9B890F1D 41->7 41->45 42 Function_00007FFD9B890D20 44 Function_00007FFD9B890924 45->15 45->18 46 Function_00007FFD9B890E5C 47 Function_00007FFD9B89014D 48->15 48->18 49 Function_00007FFD9B8906D0 50 Function_00007FFD9B8924D2 51 Function_00007FFD9B8910D3 52 Function_00007FFD9B892745 53 Function_00007FFD9B890E48 54 Function_00007FFD9B892548 55 Function_00007FFD9B890EC9 56 Function_00007FFD9B8908CA 57 Function_00007FFD9B891A41 57->23 57->38

                      Executed Functions

                      Function 00007FFD9B890DE2 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 230 7ffd9b890de2-7ffd9b8917df VirtualProtect 235 7ffd9b8917e7-7ffd9b89180f 230->235 236 7ffd9b8917e1 230->236 236->235
                      APIs
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2929707388.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_7ffd9b890000_github.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: a60ff1215a20864aaabaae0d865bfd73a192cc019f3bea0550f9ecc41948ad65
                      • Instruction ID: 045f63715b4bdba7c5bf3fa0c3f33ad4dad4ee28622d1648fc6615d6dae2f167
                      • Opcode Fuzzy Hash: a60ff1215a20864aaabaae0d865bfd73a192cc019f3bea0550f9ecc41948ad65
                      • Instruction Fuzzy Hash: 6031C830A0CA1C9FDB1CEF99D8496F9BBE5EB59321F00422FD04AD3291CB706856CB95
                      Function 00007FFD9B891814 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 237 7ffd9b891814-7ffd9b89181b 238 7ffd9b891826-7ffd9b891839 237->238 239 7ffd9b89181d-7ffd9b891825 237->239 240 7ffd9b89183b-7ffd9b8918f2 238->240 241 7ffd9b8917cc-7ffd9b8917df VirtualProtect 238->241 239->238 242 7ffd9b8917e7-7ffd9b89180f 241->242 243 7ffd9b8917e1 241->243 243->242
                      Memory Dump Source
                      • Source File: 0000000D.00000002.2929707388.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_13_2_7ffd9b890000_github.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 189480a4955279c1d5443d85850eb2e69e14b6f7840711cd803cc134eb06c7dd
                      • Instruction ID: 9424242c6c7328ad865133a6490e481d6d19df7c2396a41a20fab6c816d526c1
                      • Opcode Fuzzy Hash: 189480a4955279c1d5443d85850eb2e69e14b6f7840711cd803cc134eb06c7dd
                      • Instruction Fuzzy Hash: A9312C3574D64A5FD30CEB58A861AA4BFA1EF45350F8041A9D05CC37CBDF7C64068762

                      Execution Graph

                      Execution Coverage:18.4%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:3
                      Total number of Limit Nodes:0
                      execution_graph 4506 7ffd9bad0de2 4507 7ffd9bad1740 VirtualProtect 4506->4507 4509 7ffd9bad17e1 4507->4509

                      Executed Functions

                      Function 00007FFD9BAD0DE2 Relevance: 1.6, APIs: 1, Instructions: 111memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 574 7ffd9bad0de2-7ffd9bad17df VirtualProtect 578 7ffd9bad17e7-7ffd9bad180f 574->578 579 7ffd9bad17e1 574->579 579->578
                      APIs
                      Memory Dump Source
                      • Source File: 0000000F.00000002.4136719326.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_15_2_7ffd9bad0000_github.jbxd
                      Similarity
                      • API ID: ProtectVirtual
                      • String ID:
                      • API String ID: 544645111-0
                      • Opcode ID: bb2412e0f129fabd5c71594ee724acd6210095a61870afb2ee45add3208cd2e5
                      • Instruction ID: c0c0ffcedef49ee6d2fccb8acce69bff7712049e52d7d2d07bd5c14df11a7069
                      • Opcode Fuzzy Hash: bb2412e0f129fabd5c71594ee724acd6210095a61870afb2ee45add3208cd2e5
                      • Instruction Fuzzy Hash: 8F31C831A0CA1C8FDB1CDF99D845AF9B7E5EBA9311F00422FD04AD3291DB706856CB95