Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1565730
MD5:7ac5198e128deda55eeeb6ccfc8b57ea
SHA1:96b58d89ddfedda3dc8daebb4391abe40843253e
SHA256:887a2e09a1e373ad3f5224a8464b0e5b4ebe4a344958c2d9c91cbd42a54f1241
Tags:exeuser-Bitsight
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 7528 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7AC5198E128DEDA55EEEB6CCFC8B57EA)
    • schtasks.exe (PID: 7712 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 4944 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 2632 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["179.43.171.209"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
    00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
    • 0x6f42:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x6fdf:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x70f4:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x6d7e:$cnc4: POST / HTTP/1.1
    00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
      00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0x6f42:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x6fdf:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x70f4:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x6d7e:$cnc4: POST / HTTP/1.1
      00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
        Click to see the 1 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.file.exe.800000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
          0.2.file.exe.800000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0x7342:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0x73df:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0x74f4:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0x717e:$cnc4: POST / HTTP/1.1

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Startup Folder File Write
          Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 7528, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnk
          Sigma detected: Suspicious Schtasks From Env Var Folder
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7528, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe", ProcessId: 7712, ProcessName: schtasks.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-11-30T17:20:09.010710+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:19.643363+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:22.214594+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:30.299793+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:40.975938+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:51.611824+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:52.221493+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:57.300061+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:57.501283+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:57.702545+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:57.836221+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:58.523684+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:58.726283+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:58.927385+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:59.175390+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:59.429051+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:59.826371+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:00.220954+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:00.572970+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:00.684049+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:00.817675+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:01.674936+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:01.876034+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:02.026735+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:02.150407+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:02.475069+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:02.716808+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:02.798538+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:03.004746+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:03.280556+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:03.525261+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:03.606363+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:04.835903+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:05.283334+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:05.587885+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:05.788977+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:06.002525+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:06.144230+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:06.248777+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:06.470566+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:07.157688+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:07.358637+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:08.122943+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:08.308332+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:08.364889+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:08.432265+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:08.676654+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:08.878075+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:09.208438+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:09.350039+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:09.538230+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:09.677063+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:09.945229+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:10.135086+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:10.537834+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:10.722492+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:10.848447+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:11.139281+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:11.300906+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:11.420972+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:11.689039+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:11.977024+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:12.276870+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:12.599489+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:12.864702+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:13.468252+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:13.793135+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:13.914209+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:14.137117+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:14.235993+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:14.338261+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:14.990310+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:15.337206+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:15.792336+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.047084+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.265635+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.489747+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.586999+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.610277+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.706993+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:16.943682+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:17.192697+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:18.019409+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:18.173412+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:18.347796+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:18.989897+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:19.271106+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:19.581049+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:20.768322+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:20.915720+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:21.045838+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:21.169534+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:21.673838+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:21.950021+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:22.072285+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:22.151360+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:22.553728+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:22.678499+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:23.936828+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:24.138116+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:24.428499+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:24.583203+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:24.784286+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:25.035670+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:25.226072+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:25.359924+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:25.653275+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:26.659268+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:26.810089+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:27.055801+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:27.423442+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:27.594974+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:28.063602+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:28.385566+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:28.508667+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:30.012362+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:30.260786+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:30.341052+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:30.582762+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:30.749619+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:30.993442+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:31.247616+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:31.365092+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:31.566902+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:31.654341+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:31.771208+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:31.888216+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.008185+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.107607+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.356718+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.422992+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.543451+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.664643+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.744366+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:32.945541+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.046171+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.165624+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.408710+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.652707+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.730183+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.853771+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:33.931303+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.052507+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.273089+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.373996+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.494034+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.615675+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.699343+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.819404+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:34.937354+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.146673+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.185318+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.319611+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.386456+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.467917+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.587596+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:35.822725+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:36.222520+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:36.501709+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:36.741127+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:36.904853+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:36.984703+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:37.078518+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:37.185877+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:37.407888+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:37.670526+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:37.793084+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:38.681967+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:38.825002+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:39.373600+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:39.496390+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:39.616607+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:39.693286+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:39.817684+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:39.894018+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:40.143981+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:40.264621+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:40.388721+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:41.811656+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:42.012797+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:42.576102+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:42.697012+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:42.820984+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:42.942147+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:43.062207+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:43.142475+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:43.368377+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:43.816319+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:44.030788+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:44.154611+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:44.300168+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:44.866152+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:44.948367+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:45.069032+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:45.451221+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:52.236844+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:22:12.887645+010028528701Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-11-30T17:20:09.245403+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:19.645453+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:30.302783+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:40.977605+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:51.614357+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:57.390071+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:57.510176+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:57.801462+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:57.921504+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:58.614643+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:58.846503+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:59.253649+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:59.500582+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:20:59.872423+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:00.234009+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:00.496387+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:00.616370+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:00.771455+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:00.949361+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:01.705483+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:01.917490+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:02.039160+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:02.163768+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:02.518922+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:02.765160+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:03.008842+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:03.283530+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:03.452108+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:03.525609+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:03.609512+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:03.939473+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:04.082277+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:04.202510+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:04.838588+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:05.284859+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:05.822962+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:06.129911+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:06.248891+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:06.311705+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:06.471938+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:07.160354+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:07.366014+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:08.365000+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:08.391474+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:08.485097+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:09.209974+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:09.352971+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:09.809514+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:09.946512+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:10.814591+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:11.387887+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:11.690327+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:12.143642+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:12.278225+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:12.727657+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:12.866430+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:13.470601+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:13.877828+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:14.203520+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:14.265497+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:14.431464+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:15.012562+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:15.219611+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:15.339581+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:15.821799+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:16.064012+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:16.288236+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:16.505748+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:16.610319+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:16.632546+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:17.280955+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:18.026519+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:18.176484+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:18.348419+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:18.991945+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:19.280058+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:19.641471+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:19.835968+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:19.956405+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:20.968158+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:21.091430+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:21.341476+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:21.749806+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:22.235529+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:22.498972+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:23.131037+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:23.986641+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:24.189533+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:24.875730+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:25.038643+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:25.331980+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:25.499508+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:25.672941+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:26.734380+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:26.854602+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:27.151493+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:27.425408+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:28.072836+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:28.295589+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:28.385826+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:28.417526+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:28.601560+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:30.013234+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:30.341553+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:30.583589+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:31.037548+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:31.331551+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:31.570138+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:31.686962+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:31.806953+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:31.892544+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:32.015911+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:32.423040+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:32.745550+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:32.964190+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:33.474752+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:34.114406+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:34.292710+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:34.498249+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:34.619590+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:34.739784+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:34.984099+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:35.185386+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:35.305420+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:35.386537+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:35.891457+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:36.300524+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:36.510442+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:36.754633+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:36.984767+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:37.067523+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:37.192653+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:37.471596+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:37.682296+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:37.907377+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:38.915611+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:39.451317+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:39.615783+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:39.779486+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:39.895566+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:39.940572+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:40.158851+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:40.351694+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:40.472045+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:41.814292+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:42.013577+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:42.619959+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:42.740975+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:42.861091+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:43.143783+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:43.383783+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:43.829587+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:44.056667+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:21:44.948422+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          2024-11-30T17:22:12.165081+010028529231Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-11-30T17:20:22.214594+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:20:52.221493+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          2024-11-30T17:21:52.236844+010028528741Malware Command and Control Activity Detected179.43.171.2097000192.168.2.449730TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-11-30T17:20:59.992727+010028531931Malware Command and Control Activity Detected192.168.2.449730179.43.171.2097000TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: file.exeAvira: detected
          Found malware configuration
          Source: 00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["179.43.171.209"], "Port": 7000, "Aes key": "<123456789>", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
          Multi AV Scanner detection for submitted file
          Source: file.exeReversingLabs: Detection: 31%
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
          Machine Learning detection for sample
          Source: file.exeJoe Sandbox ML: detected
          Sample uses string decryption to hide its real strings
          Source: 0.2.file.exe.800000.0.unpackString decryptor: 179.43.171.209
          Source: 0.2.file.exe.800000.0.unpackString decryptor: 7000
          Source: 0.2.file.exe.800000.0.unpackString decryptor: <123456789>
          Source: 0.2.file.exe.800000.0.unpackString decryptor: <Xwormmm>
          Source: 0.2.file.exe.800000.0.unpackString decryptor: XWorm V5.6
          Source: 0.2.file.exe.800000.0.unpackString decryptor: USB.exe
          Source: 0.2.file.exe.800000.0.unpackString decryptor: %AppData%
          Source: 0.2.file.exe.800000.0.unpackString decryptor: github.exe
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Binary string: e.PDBl source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Xml.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: file.exe, 00000000.00000002.3033379354.0000000001499000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdbdbib.pdb# source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\dll\mscorlib.pdbME source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.ni.pdbRSDS source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: lib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: n0C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: 5c561934e089\mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: C:\Windows\dll\mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdbRSDS source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: mscorlib.pdbL}2 source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: \mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Xml.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: ile.PDB source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp, file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: o.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Xml.ni.pdbRSDS# source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: Microsoft.VisualBasic.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: %%.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Windows.Forms.pdbxX source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp, WERB1AB.tmp.dmp.9.dr
          Source: Binary string: C:\Windows\dll\mscorlib.pdbHI source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb] source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Management.ni.pdbRSDSJ< source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Drawing.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Management.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbH source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Management.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.pdbMZ source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: symbols\dll\mscorlib.pdbLb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.ni.pdbRSDS source: WERB1AB.tmp.dmp.9.dr

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2855924 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49730 -> 179.43.171.209:7000
          Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 179.43.171.209:7000 -> 192.168.2.4:49730
          Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49730 -> 179.43.171.209:7000
          Source: Network trafficSuricata IDS: 2852874 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M2 : 179.43.171.209:7000 -> 192.168.2.4:49730
          Source: Network trafficSuricata IDS: 2853193 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.4:49730 -> 179.43.171.209:7000
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: 179.43.171.209
          Source: global trafficTCP traffic: 192.168.2.4:49730 -> 179.43.171.209:7000
          Source: Joe Sandbox ViewASN Name: PLI-ASCH PLI-ASCH
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: unknownTCP traffic detected without corresponding DNS query: 179.43.171.209
          Source: file.exe, 00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Amcache.hve.9.drString found in binary or memory: http://upx.sf.net

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 0.2.file.exe.800000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
          Source: 00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
          Source: 00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
          PE file contains section with special chars
          Source: file.exeStatic PE information: section name:
          Source: file.exeStatic PE information: section name: .idata
          Source: file.exeStatic PE information: section name:
          Source: C:\Users\user\Desktop\file.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0536441F0_2_0536441F
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0536A1B00_2_0536A1B0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_053610300_2_05361030
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0536E3700_2_0536E370
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0536BD700_2_0536BD70
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0536DD480_2_0536DD48
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_053698E00_2_053698E0
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05364A680_2_05364A68
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_053695980_2_05369598
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_053617680_2_05361768
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_091A27F80_2_091A27F8
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 2632
          Source: file.exe, 00000000.00000002.3032535505.000000000080A000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamegithub.exe4 vs file.exe
          Source: file.exe, 00000000.00000002.3033379354.00000000013AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs file.exe
          Source: file.exe, 00000000.00000002.3035063096.0000000004FA0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegithub.exe4 vs file.exe
          Source: file.exeBinary or memory string: OriginalFilenamegithub.exe4 vs file.exe
          Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 0.2.file.exe.800000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
          Source: 00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
          Source: 00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
          Source: file.exeStatic PE information: Section: dvpnmyli ZLIB complexity 0.9949074161862864
          Source: classification engineClassification label: mal100.troj.evad.winEXE@5/6@0/1
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnkJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7720:120:WilError_03
          Source: C:\Users\user\Desktop\file.exeMutant created: NULL
          Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\aKo7AtdK4OEvATqs
          Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7528
          Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\885930dd-e236-4c80-b0f6-153ca64a3619Jump to behavior
          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: file.exeReversingLabs: Detection: 31%
          Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
          Source: file.exeString found in binary or memory: 3The file %s is missing. Please, re-install this application
          Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
          Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 2632
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"Jump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: avicap32.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: msvfw32.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F5FB2C77-0E2F-4A16-A381-3E560C68BC83}\InProcServer32Jump to behavior
          Source: github.lnk.0.drLNK file: ..\..\..\..\..\github.exe
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: file.exeStatic file information: File size 1723904 > 1048576
          Source: file.exeStatic PE information: Raw size of dvpnmyli is bigger than: 0x100000 < 0x19c000
          Source: Binary string: e.PDBl source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Xml.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: file.exe, 00000000.00000002.3033379354.0000000001499000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdbdbib.pdb# source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\dll\mscorlib.pdbME source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.ni.pdbRSDS source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: lib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: n0C:\Windows\mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: 5c561934e089\mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: C:\Windows\dll\mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdbRSDS source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: mscorlib.pdbL}2 source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: \mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Xml.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: ile.PDB source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp, file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: o.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Xml.ni.pdbRSDS# source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: Microsoft.VisualBasic.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: %%.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Windows.Forms.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Windows.Forms.pdbxX source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp, WERB1AB.tmp.dmp.9.dr
          Source: Binary string: C:\Windows\dll\mscorlib.pdbHI source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: file.exe, 00000000.00000002.3036935350.00000000083A0000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdb] source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Management.ni.pdbRSDSJ< source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Drawing.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Management.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbH source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: mscorlib.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Management.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.pdbMZ source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: symbols\dll\mscorlib.pdbLb source: file.exe, 00000000.00000002.3036846303.000000000823A000.00000004.00000010.00020000.00000000.sdmp
          Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.ni.pdb source: WERB1AB.tmp.dmp.9.dr
          Source: Binary string: System.Core.ni.pdbRSDS source: WERB1AB.tmp.dmp.9.dr

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.800000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dvpnmyli:EW;lhlewnhz:EW;.taggant:EW; vs :ER;.rsrc:W;
          Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
          Source: file.exeStatic PE information: real checksum: 0x1ab3ef should be: 0x1adb14
          Source: file.exeStatic PE information: section name:
          Source: file.exeStatic PE information: section name: .idata
          Source: file.exeStatic PE information: section name:
          Source: file.exeStatic PE information: section name: dvpnmyli
          Source: file.exeStatic PE information: section name: lhlewnhz
          Source: file.exeStatic PE information: section name: .taggant
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_05365CB8 push eax; retf 0_2_05365CB9
          Source: file.exeStatic PE information: section name: entropy: 7.928832262074926
          Source: file.exeStatic PE information: section name: dvpnmyli entropy: 7.95384464177905

          Boot Survival

          barindex
          Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
          Uses schtasks.exe or at.exe to add and modify task schedules
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnkJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnkJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
          Tries to detect sandboxes / dynamic malware analysis system (registry check)
          Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 985F31 second address: 985F44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FAD68536506h 0x0000000a jl 00007FAD68536506h 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 979F05 second address: 979F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FAD6938CD1Ch 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jmp 00007FAD6938CD1Fh 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FAD6938CD1Bh 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 984F5F second address: 984F69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FAD68536506h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9852BF second address: 9852C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FAD6938CD16h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9857DE second address: 9857E3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9857E3 second address: 9857F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FAD6938CD16h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9857F1 second address: 9857F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9893F5 second address: 9893F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9893F9 second address: 98940F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jng 00007FAD68536514h 0x0000000e push eax 0x0000000f push edx 0x00000010 js 00007FAD68536506h 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98940F second address: 98942D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov edx, 50A55E00h 0x0000000c push 00000000h 0x0000000e mov ecx, dword ptr [ebp+13A82DD1h] 0x00000014 push C849453Ah 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98942D second address: 98943B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98943B second address: 98943F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98943F second address: 9894A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 add dword ptr [esp], 37B6BB46h 0x0000000e clc 0x0000000f push 00000003h 0x00000011 mov si, B912h 0x00000015 push 00000000h 0x00000017 or dx, 8446h 0x0000001c push 00000003h 0x0000001e mov edx, 577E69C1h 0x00000023 call 00007FAD68536509h 0x00000028 jmp 00007FAD6853650Eh 0x0000002d push eax 0x0000002e jmp 00007FAD68536510h 0x00000033 mov eax, dword ptr [esp+04h] 0x00000037 jmp 00007FAD6853650Eh 0x0000003c mov eax, dword ptr [eax] 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 jbe 00007FAD68536506h 0x00000047 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9894A7 second address: 9894B4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAD6938CD16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9894B4 second address: 9894D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FAD68536510h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9894D2 second address: 989541 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007FAD6938CD18h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 or dword ptr [ebp+13A81A32h], eax 0x0000002a lea ebx, dword ptr [ebp+13BFB2A2h] 0x00000030 jo 00007FAD6938CD32h 0x00000036 call 00007FAD6938CD29h 0x0000003b mov edx, ecx 0x0000003d pop ecx 0x0000003e xchg eax, ebx 0x0000003f jc 00007FAD6938CD28h 0x00000045 push eax 0x00000046 push edx 0x00000047 jo 00007FAD6938CD16h 0x0000004d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989541 second address: 989545 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989545 second address: 98956D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007FAD6938CD28h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9897E6 second address: 98985C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pop eax 0x00000008 mov ecx, 69FD7F9Eh 0x0000000d push 00000003h 0x0000000f mov dh, 78h 0x00000011 mov dword ptr [ebp+13A81B10h], eax 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push ecx 0x0000001c call 00007FAD68536508h 0x00000021 pop ecx 0x00000022 mov dword ptr [esp+04h], ecx 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc ecx 0x0000002f push ecx 0x00000030 ret 0x00000031 pop ecx 0x00000032 ret 0x00000033 push 00000003h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FAD68536508h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Ah 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f jnp 00007FAD68536508h 0x00000055 mov edi, eax 0x00000057 mov dword ptr [ebp+13A82DD1h], esi 0x0000005d call 00007FAD68536509h 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 98985C second address: 989860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 989860 second address: 98987C instructions: 0x00000000 rdtsc 0x00000002 jno 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007FAD6853650Ch 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8EC1 second address: 9A8F12 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FAD6938CD1Eh 0x00000008 pushad 0x00000009 jo 00007FAD6938CD16h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push edi 0x00000019 jmp 00007FAD6938CD1Ch 0x0000001e jmp 00007FAD6938CD29h 0x00000023 pop edi 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 jng 00007FAD6938CD16h 0x0000002e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8F12 second address: 9A8F2B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536513h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8F2B second address: 9A8F32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 96FFD1 second address: 96FFFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pop esi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FAD68536510h 0x00000011 jmp 00007FAD68536512h 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A6FA9 second address: 9A6FAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A6FAD second address: 9A6FB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A70F3 second address: 9A70F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A70F7 second address: 9A70FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A70FD second address: 9A7121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007FAD6938CD1Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FAD6938CD20h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7121 second address: 9A7143 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FAD68536506h 0x0000000e jmp 00007FAD68536514h 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7143 second address: 9A714F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A714F second address: 9A7155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7155 second address: 9A7159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7159 second address: 9A715D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A715D second address: 9A717C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FAD6938CD23h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A717C second address: 9A7180 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7180 second address: 9A7184 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7404 second address: 9A740A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A740A second address: 9A740E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A75C0 second address: 9A75E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6853650Dh 0x00000007 ja 00007FAD68536506h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jc 00007FAD68536506h 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A79E3 second address: 9A79ED instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAD6938CD1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A79ED second address: 9A7A0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 jmp 00007FAD68536515h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7A0D second address: 9A7A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7A12 second address: 9A7A18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7CF6 second address: 9A7CFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A7E4B second address: 9A7E5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jng 00007FAD68536506h 0x0000000c pop esi 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99E486 second address: 99E48A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BBBD second address: 97BBC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FAD68536506h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BBC9 second address: 97BBCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BBCD second address: 97BBEC instructions: 0x00000000 rdtsc 0x00000002 js 00007FAD68536506h 0x00000008 jno 00007FAD68536506h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jmp 00007FAD6853650Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BBEC second address: 97BBF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BBF2 second address: 97BC16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a jmp 00007FAD68536511h 0x0000000f pop edi 0x00000010 jno 00007FAD68536508h 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BC16 second address: 97BC22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FAD6938CD16h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97BC22 second address: 97BC28 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A85B4 second address: 9A85D6 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FAD6938CD16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FAD6938CD1Ch 0x0000000f pop ebx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 js 00007FAD6938CD16h 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A85D6 second address: 9A85FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6853650Ah 0x00000007 jmp 00007FAD68536515h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8774 second address: 9A8784 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FAD6938CD16h 0x0000000a ja 00007FAD6938CD16h 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8784 second address: 9A878E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A878E second address: 9A8792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8792 second address: 9A8796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9A8A50 second address: 9A8A65 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007FAD6938CD16h 0x0000000d jbe 00007FAD6938CD16h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AD423 second address: 9AD427 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AD427 second address: 9AD432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AD432 second address: 9AD43A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AD43A second address: 9AD440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AE9D9 second address: 9AE9DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9AE9DD second address: 9AE9EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FAD6938CD1Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B06A5 second address: 9B06E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD68536513h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push ecx 0x0000000f je 00007FAD68536506h 0x00000015 jmp 00007FAD68536518h 0x0000001a pop ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B06E5 second address: 9B06FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD6938CD21h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97F18E second address: 97F192 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97F192 second address: 97F1BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edi 0x00000009 pushad 0x0000000a js 00007FAD6938CD18h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007FAD6938CD24h 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 97F1BC second address: 97F1C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B3667 second address: 9B366C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B25BD second address: 9B25C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B36E0 second address: 9B36E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B36E4 second address: 9B36EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B77BA second address: 9B77BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B77BE second address: 9B77D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FAD6853650Fh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B77D7 second address: 9B7811 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FAD6938CD29h 0x0000000f jmp 00007FAD6938CD27h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7811 second address: 9B781B instructions: 0x00000000 rdtsc 0x00000002 jo 00007FAD68536506h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7C17 second address: 9B7C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7C1B second address: 9B7C3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007FAD68536506h 0x00000012 jmp 00007FAD68536512h 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B7E10 second address: 9B7E14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BA139 second address: 9BA13D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BA966 second address: 9BA9C0 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAD6938CD1Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d pushad 0x0000000e mov cx, 2F04h 0x00000012 pushad 0x00000013 jmp 00007FAD6938CD22h 0x00000018 sbb ebx, 6C92B71Fh 0x0000001e popad 0x0000001f popad 0x00000020 nop 0x00000021 pushad 0x00000022 jl 00007FAD6938CD18h 0x00000028 pushad 0x00000029 push esi 0x0000002a pop esi 0x0000002b jmp 00007FAD6938CD22h 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BA9C0 second address: 9BA9C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BADA6 second address: 9BADAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BAF10 second address: 9BAF6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD68536511h 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FAD68536508h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a xchg eax, ebx 0x0000002b jmp 00007FAD68536518h 0x00000030 push eax 0x00000031 push edx 0x00000032 push esi 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BB474 second address: 9BB478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BBDF0 second address: 9BBDF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BBDF4 second address: 9BBE12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD25h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BBE12 second address: 9BBE87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FAD68536508h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 mov di, si 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007FAD68536508h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 00000014h 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 pushad 0x00000045 mov dword ptr [ebp+13A82F03h], esi 0x0000004b jnc 00007FAD68536506h 0x00000051 popad 0x00000052 mov dword ptr [ebp+13A81997h], eax 0x00000058 xchg eax, ebx 0x00000059 jnp 00007FAD6853650Ah 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 je 00007FAD6853650Ch 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BBE87 second address: 9BBE8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BE542 second address: 9BE546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BE546 second address: 9BE54A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C0600 second address: 9C060A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FAD68536506h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C060A second address: 9C0688 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD23h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007FAD6938CD18h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 00000014h 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 add edi, dword ptr [ebp+13A838E7h] 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push eax 0x00000031 call 00007FAD6938CD18h 0x00000036 pop eax 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b add dword ptr [esp+04h], 00000019h 0x00000043 inc eax 0x00000044 push eax 0x00000045 ret 0x00000046 pop eax 0x00000047 ret 0x00000048 mov dword ptr [ebp+13BF8E55h], edx 0x0000004e push 00000000h 0x00000050 mov esi, dword ptr [ebp+13BF6F0Fh] 0x00000056 mov dword ptr [ebp+13A830F1h], ecx 0x0000005c push eax 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 jng 00007FAD6938CD16h 0x00000067 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C0688 second address: 9C068C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD808 second address: 9BD80D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C068C second address: 9C0692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BD80D second address: 9BD813 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C0692 second address: 9C0698 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C0698 second address: 9C069C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C1B4C second address: 9C1B51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C1B51 second address: 9C1B65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD6938CD20h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C1B65 second address: 9C1BDB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536515h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007FAD68536508h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 sub dword ptr [ebp+13C182CFh], edi 0x0000002e push 00000000h 0x00000030 mov si, 00A3h 0x00000034 call 00007FAD68536518h 0x00000039 mov esi, 114EED45h 0x0000003e pop edi 0x0000003f push 00000000h 0x00000041 mov si, 9347h 0x00000045 xchg eax, ebx 0x00000046 push ecx 0x00000047 push eax 0x00000048 push edx 0x00000049 jne 00007FAD68536506h 0x0000004f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C3AB2 second address: 9C3AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD6938CD1Eh 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C6B3B second address: 9C6B3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C7BF6 second address: 9C7BFF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C7BFF second address: 9C7C05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C7C05 second address: 9C7C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007FAD6938CD18h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 clc 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ebp 0x00000029 call 00007FAD6938CD18h 0x0000002e pop ebp 0x0000002f mov dword ptr [esp+04h], ebp 0x00000033 add dword ptr [esp+04h], 00000019h 0x0000003b inc ebp 0x0000003c push ebp 0x0000003d ret 0x0000003e pop ebp 0x0000003f ret 0x00000040 mov bh, AEh 0x00000042 mov dword ptr [ebp+13A81AC1h], eax 0x00000048 push 00000000h 0x0000004a sub ebx, dword ptr [ebp+13A82A3Ah] 0x00000050 jno 00007FAD6938CD18h 0x00000056 xchg eax, esi 0x00000057 push eax 0x00000058 push edx 0x00000059 ja 00007FAD6938CD18h 0x0000005f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5DE2 second address: 9C5DE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5DE9 second address: 9C5E0B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAD6938CD23h 0x00000008 jmp 00007FAD6938CD1Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 je 00007FAD6938CD28h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5E0B second address: 9C5E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5E0F second address: 9C5E13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C5E13 second address: 9C5EAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007FAD68536508h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 movsx ebx, si 0x00000024 push dword ptr fs:[00000000h] 0x0000002b mov dword ptr fs:[00000000h], esp 0x00000032 push esi 0x00000033 jg 00007FAD6853650Ch 0x00000039 pop ebx 0x0000003a mov eax, dword ptr [ebp+13A815A9h] 0x00000040 mov dword ptr [ebp+13A820C9h], edi 0x00000046 push FFFFFFFFh 0x00000048 push 00000000h 0x0000004a push eax 0x0000004b call 00007FAD68536508h 0x00000050 pop eax 0x00000051 mov dword ptr [esp+04h], eax 0x00000055 add dword ptr [esp+04h], 0000001Ch 0x0000005d inc eax 0x0000005e push eax 0x0000005f ret 0x00000060 pop eax 0x00000061 ret 0x00000062 or bh, FFFFFFD8h 0x00000065 nop 0x00000066 ja 00007FAD6853650Ah 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f jc 00007FAD6853650Ch 0x00000075 jnl 00007FAD68536506h 0x0000007b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C8BEA second address: 9C8C61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007FAD6938CD18h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 push 00000000h 0x00000024 mov edi, dword ptr [ebp+13BF7BA1h] 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ecx 0x0000002f call 00007FAD6938CD18h 0x00000034 pop ecx 0x00000035 mov dword ptr [esp+04h], ecx 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc ecx 0x00000042 push ecx 0x00000043 ret 0x00000044 pop ecx 0x00000045 ret 0x00000046 call 00007FAD6938CD1Ah 0x0000004b sbb bx, 7FF1h 0x00000050 pop ebx 0x00000051 xchg eax, esi 0x00000052 push ebx 0x00000053 pushad 0x00000054 jg 00007FAD6938CD16h 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C8E93 second address: 9C8E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C8E97 second address: 9C8E9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9C9E42 second address: 9C9E48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CBC30 second address: 9CBCA2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007FAD6938CD18h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 push 00000000h 0x00000026 push 00000000h 0x00000028 push ecx 0x00000029 call 00007FAD6938CD18h 0x0000002e pop ecx 0x0000002f mov dword ptr [esp+04h], ecx 0x00000033 add dword ptr [esp+04h], 00000018h 0x0000003b inc ecx 0x0000003c push ecx 0x0000003d ret 0x0000003e pop ecx 0x0000003f ret 0x00000040 mov bl, 5Eh 0x00000042 push 00000000h 0x00000044 jmp 00007FAD6938CD27h 0x00000049 push eax 0x0000004a jl 00007FAD6938CD20h 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CEB89 second address: 9CEB9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536510h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFBB7 second address: 9CFC2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007FAD6938CD16h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 call 00007FAD6938CD29h 0x00000016 jmp 00007FAD6938CD1Ch 0x0000001b pop ebx 0x0000001c push 00000000h 0x0000001e mov bl, 61h 0x00000020 push 00000000h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007FAD6938CD18h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c sub dword ptr [ebp+13A82D0Fh], ecx 0x00000042 xchg eax, esi 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FAD6938CD1Eh 0x0000004c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFC2B second address: 9CFC2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFC2F second address: 9CFC35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFC35 second address: 9CFC45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9CFD92 second address: 9CFE1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FAD6938CD16h 0x00000009 jnl 00007FAD6938CD16h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 mov dword ptr [esp], eax 0x00000015 pushad 0x00000016 cld 0x00000017 popad 0x00000018 push dword ptr fs:[00000000h] 0x0000001f mov dword ptr [ebp+13BF8E1Dh], eax 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007FAD6938CD18h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 0000001Bh 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 mov di, ADB6h 0x0000004a mov eax, dword ptr [ebp+13A80029h] 0x00000050 mov dword ptr [ebp+13A83066h], ebx 0x00000056 push FFFFFFFFh 0x00000058 js 00007FAD6938CD1Ch 0x0000005e mov edi, dword ptr [ebp+13A832DAh] 0x00000064 nop 0x00000065 jbe 00007FAD6938CD24h 0x0000006b jmp 00007FAD6938CD1Eh 0x00000070 push eax 0x00000071 push eax 0x00000072 push edx 0x00000073 jno 00007FAD6938CD18h 0x00000079 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1AF3 second address: 9D1AF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1AF7 second address: 9D1B01 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FAD6938CD16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1B01 second address: 9D1B3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 movzx ebx, di 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push edx 0x00000011 call 00007FAD68536508h 0x00000016 pop edx 0x00000017 mov dword ptr [esp+04h], edx 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc edx 0x00000024 push edx 0x00000025 ret 0x00000026 pop edx 0x00000027 ret 0x00000028 push 00000000h 0x0000002a mov dword ptr [ebp+13A8391Dh], edx 0x00000030 xchg eax, esi 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 pop edx 0x00000036 pop eax 0x00000037 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1B3D second address: 9D1B43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D2A8C second address: 9D2A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007FAD68536506h 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D1C8B second address: 9D1C92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D3CA3 second address: 9D3CAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FAD68536506h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D769A second address: 9D76BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD29h 0x00000007 jg 00007FAD6938CD16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D76BD second address: 9D76C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9D76C3 second address: 9D76CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FAD6938CD16h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9E5DC5 second address: 9E5DCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ED9CB second address: 9ED9F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 ja 00007FAD6938CD16h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FAD6938CD2Ch 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9ED9F6 second address: 9EDA36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FAD68536506h 0x00000009 jmp 00007FAD68536516h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 jmp 00007FAD68536512h 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 pop ebx 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDA36 second address: 9EDA41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FAD6938CD16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9EDA41 second address: 9EDA67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b je 00007FAD68536521h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FAD68536513h 0x00000018 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F26BC second address: 9F26C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F26C0 second address: 9F26DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FAD68536508h 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007FAD68536506h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F26DB second address: 9F26E1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F26E1 second address: 9F26E6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1BEB second address: 9F1BF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1BF1 second address: 9F1BF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1BF5 second address: 9F1BFB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1D5B second address: 9F1D5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F1D5F second address: 9F1D6C instructions: 0x00000000 rdtsc 0x00000002 js 00007FAD6938CD16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F2179 second address: 9F21A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FAD6853650Ah 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 jmp 00007FAD68536516h 0x00000016 popad 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FAB5C second address: 9FABA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e jmp 00007FAD6938CD1Fh 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jnp 00007FAD6938CD16h 0x0000001e jmp 00007FAD6938CD24h 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9455 second address: 9F945B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F945B second address: 9F945F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9729 second address: 9F972F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F972F second address: 9F9733 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9733 second address: 9F975E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007FAD6853651Dh 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F98D9 second address: 9F98F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD6938CD23h 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F98F1 second address: 9F990E instructions: 0x00000000 rdtsc 0x00000002 jno 00007FAD6853650Eh 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F990E second address: 9F9916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9916 second address: 9F993C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FAD68536521h 0x0000000b jmp 00007FAD68536515h 0x00000010 jnp 00007FAD68536506h 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9AA4 second address: 9F9AA9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9AA9 second address: 9F9ABC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b jnl 00007FAD68536506h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9ABC second address: 9F9AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9AC4 second address: 9F9AF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD68536511h 0x00000009 je 00007FAD68536506h 0x0000000f jmp 00007FAD6853650Ah 0x00000014 popad 0x00000015 ja 00007FAD6853650Eh 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9F9EE0 second address: 9F9EFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007FAD6938CD1Ch 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99EFA2 second address: 99EFAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 pop esi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 99EFAE second address: 99EFB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA97E second address: 9FA984 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FA984 second address: 9FA996 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FAD6938CD1Ch 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF038 second address: 9FF06C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAD68536506h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007FAD68536508h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jo 00007FAD68536506h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 pop eax 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 push eax 0x00000026 jmp 00007FAD6853650Ch 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF06C second address: 9FF071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF071 second address: 9FF07B instructions: 0x00000000 rdtsc 0x00000002 je 00007FAD6853650Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF2FB second address: 9FF302 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF302 second address: 9FF30C instructions: 0x00000000 rdtsc 0x00000002 js 00007FAD68536520h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF30C second address: 9FF327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD6938CD24h 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FF5EC second address: 9FF5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FED88 second address: 9FED92 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAD6938CD16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFA89 second address: 9FFA8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFBD6 second address: 9FFBDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFBDE second address: 9FFBE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFBE4 second address: 9FFC07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FAD6938CD29h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFC07 second address: 9FFC0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFD63 second address: 9FFD67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFD67 second address: 9FFD6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFD6D second address: 9FFD93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FAD6938CD16h 0x00000009 jmp 00007FAD6938CD28h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9FFD93 second address: 9FFD97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A000A3 second address: A000A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A04270 second address: A04274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A04274 second address: A04278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B8F22 second address: 9B8F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B8F26 second address: 9B8F40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B8F40 second address: 9B8F5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD68536516h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B8FCA second address: 9B8FD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B8FD0 second address: 9B9009 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], esi 0x0000000b mov edi, dword ptr [ebp+13A82DD1h] 0x00000011 nop 0x00000012 push edi 0x00000013 push ebx 0x00000014 jmp 00007FAD68536519h 0x00000019 pop ebx 0x0000001a pop edi 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f jnl 00007FAD68536506h 0x00000025 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B9009 second address: 9B900D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B9332 second address: 9B933C instructions: 0x00000000 rdtsc 0x00000002 jc 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B9992 second address: 9B9997 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B9997 second address: 9B99E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jno 00007FAD6853651Bh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jmp 00007FAD68536514h 0x00000017 mov eax, dword ptr [eax] 0x00000019 pushad 0x0000001a pushad 0x0000001b jmp 00007FAD6853650Ah 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B99E2 second address: 9B99EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FAD6938CD16h 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B99EF second address: 9B9A06 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FAD6853650Ah 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A04691 second address: A0469B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FAD6938CD16h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0495B second address: A0498B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAD6853650Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FAD68536516h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0498B second address: A049A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD27h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A04F13 second address: A04F26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD6853650Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A04F26 second address: A04F2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A04F2C second address: A04F51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FAD6853650Fh 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jp 00007FAD68536508h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0B6CB second address: A0B6E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 jl 00007FAD6938CD16h 0x0000000b pop esi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007FAD6938CD3Eh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0B41D second address: A0B421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0B421 second address: A0B427 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0B427 second address: A0B431 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0B431 second address: A0B435 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0E5BD second address: A0E5EB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536519h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FAD6853650Eh 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0E5EB second address: A0E612 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FAD6938CD27h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jl 00007FAD6938CD16h 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0E612 second address: A0E616 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0DEC3 second address: A0DEF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD6938CD29h 0x00000009 pop esi 0x0000000a jmp 00007FAD6938CD26h 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A0E2FB second address: A0E301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A13D6C second address: A13D70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A13013 second address: A13029 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnp 00007FAD68536506h 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FAD68536508h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A13029 second address: A13037 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FAD6938CD18h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A13037 second address: A13041 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FAD68536506h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1318E second address: A13194 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A13194 second address: A131A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FAD6853650Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A131A9 second address: A131AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A131AD second address: A131EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6853650Eh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jmp 00007FAD6853650Dh 0x00000012 jo 00007FAD68536519h 0x00000018 push eax 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1345D second address: A1347F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007FAD6938CD28h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A135C4 second address: A135C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A135C8 second address: A135D6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FAD6938CD32h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A138AF second address: A138C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 jmp 00007FAD68536511h 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A138C9 second address: A138CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A17F6C second address: A17F70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A17F70 second address: A17F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FAD6938CD1Dh 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007FAD6938CD24h 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1828D second address: A18291 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A18291 second address: A182B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FAD6938CD16h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007FAD6938CD1Ah 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A182B3 second address: A182B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A182B7 second address: A182BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A183FC second address: A18402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A18402 second address: A1840C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1840C second address: A18422 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 js 00007FAD68536506h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007FAD68536506h 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B96A8 second address: 9B96AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9B96AC second address: 9B96BC instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A188E0 second address: A188E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A188E6 second address: A188EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A188EA second address: A1890A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FAD6938CD1Fh 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1BCE1 second address: A1BCE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1BCE9 second address: A1BCED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A1BCED second address: A1BD0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536516h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007FAD68536506h 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A23301 second address: A23346 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD28h 0x00000007 jns 00007FAD6938CD16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FAD6938CD22h 0x00000014 pushad 0x00000015 jmp 00007FAD6938CD1Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A23346 second address: A23358 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push edx 0x00000008 jc 00007FAD68536506h 0x0000000e pop edx 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2366E second address: A23674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A23674 second address: A23683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007FAD68536506h 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A23683 second address: A23689 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27D51 second address: A27D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27D58 second address: A27D76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FAD6938CD29h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27D76 second address: A27D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A26F61 second address: A26F66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A26F66 second address: A26F72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FAD68536506h 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A270BF second address: A270CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007FAD6938CD16h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A270CF second address: A270D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A270D5 second address: A270FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnl 00007FAD6938CD18h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FAD6938CD28h 0x00000012 popad 0x00000013 push edx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27246 second address: A2725E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FAD6853650Eh 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A2725E second address: A27273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD6938CD21h 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27685 second address: A27698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 ja 00007FAD6853650Eh 0x0000000b jo 00007FAD68536506h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27951 second address: A27956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A27AB0 second address: A27AD2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536517h 0x00000007 pushad 0x00000008 jnl 00007FAD68536506h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A31EFC second address: A31F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FAD6938CD16h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A31F06 second address: A31F0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32066 second address: A320B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD22h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FAD6938CD3Eh 0x0000000f jmp 00007FAD6938CD28h 0x00000014 jmp 00007FAD6938CD20h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A320B0 second address: A320B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A320B4 second address: A320C0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A320C0 second address: A320C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A320C4 second address: A320CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A320CE second address: A320DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD6853650Ch 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32651 second address: A32667 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD1Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32667 second address: A32681 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD68536516h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32681 second address: A32687 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32687 second address: A3268E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32BD1 second address: A32BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A32BD7 second address: A32BDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B18C second address: A3B1C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD20h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FAD6938CD24h 0x00000010 jmp 00007FAD6938CD1Ah 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3B1C0 second address: A3B1C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3ABCE second address: A3ABD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3ABD2 second address: A3ABDC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3ABDC second address: A3ABE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A3AE9F second address: A3AEA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 973458 second address: 97347B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FAD6938CD16h 0x0000000a jmp 00007FAD6938CD21h 0x0000000f je 00007FAD6938CD1Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A46668 second address: A4666E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A467AF second address: A467B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A467B5 second address: A467BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A467BB second address: A467C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FAD6938CD16h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A467C5 second address: A467C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4942D second address: A49441 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007FAD6938CD1Bh 0x0000000d pop eax 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FCC second address: A48FE8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FAD68536512h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FE8 second address: A48FEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A48FEC second address: A48FF0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4B9D9 second address: A4B9DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4B9DE second address: A4BA1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FAD68536506h 0x00000009 jmp 00007FAD68536511h 0x0000000e pushad 0x0000000f popad 0x00000010 jbe 00007FAD68536506h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FAD68536513h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4BA1B second address: A4BA2D instructions: 0x00000000 rdtsc 0x00000002 jl 00007FAD6938CD16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jng 00007FAD6938CD1Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4BA2D second address: A4BA36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A4F523 second address: A4F527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53B16 second address: A53B1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53B1B second address: A53B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53B21 second address: A53B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A53B25 second address: A53B5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD26h 0x00000007 jmp 00007FAD6938CD1Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007FAD6938CD1Bh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A525C8 second address: A525D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FAD68536506h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A525D2 second address: A525D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A6703B second address: A67053 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FAD68536513h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A65A2D second address: A65A31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A65A31 second address: A65A49 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FAD6853650Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A65F95 second address: A65FC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FAD6938CD29h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FAD6938CD1Eh 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A66159 second address: A66167 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A66D70 second address: A66D74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A69DEE second address: A69E0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FAD68536510h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A69E0D second address: A69E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FAD6938CD1Ah 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A69ACF second address: A69ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A69ADB second address: A69B04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a je 00007FAD6938CD16h 0x00000010 jmp 00007FAD6938CD21h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B32 second address: A72B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B36 second address: A72B49 instructions: 0x00000000 rdtsc 0x00000002 je 00007FAD6938CD16h 0x00000008 jnc 00007FAD6938CD16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B49 second address: A72B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FAD68536506h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A72B59 second address: A72B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75DC0 second address: A75DC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75DC7 second address: A75DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75DD4 second address: A75DE2 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ecx 0x0000000e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75BDA second address: A75BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75BE0 second address: A75C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FAD68536518h 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FAD6853650Eh 0x00000012 pop edx 0x00000013 push esi 0x00000014 pushad 0x00000015 popad 0x00000016 pop esi 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b jnp 00007FAD68536506h 0x00000021 jmp 00007FAD68536515h 0x00000026 push edx 0x00000027 pop edx 0x00000028 popad 0x00000029 jmp 00007FAD68536512h 0x0000002e rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A75C47 second address: A75C5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FAD6938CD1Ch 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A844B1 second address: A844C4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FAD68536506h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8B1AC second address: A8B1B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8BB1C second address: A8BB39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push ebx 0x00000008 jmp 00007FAD68536513h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8EFC4 second address: A8EFE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FAD6938CD16h 0x0000000a jmp 00007FAD6938CD1Fh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8EA5F second address: A8EA63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A92D87 second address: A92D92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FAD6938CD16h 0x0000000a popad 0x0000000b rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8FF8F second address: A8FF93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8FF93 second address: A8FFB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FAD6938CD28h 0x00000010 popad 0x00000011 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8FFB7 second address: A8FFBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8ED21 second address: A8ED38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FAD6938CD22h 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: A8ED38 second address: A8ED4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnl 00007FAD68536506h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BCCE7 second address: 9BCCED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9BCCED second address: 9BCCFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FAD6853650Bh 0x00000009 rdtsc
          Tries to evade debugger and weak emulator (self modifying code)
          Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 811A15 instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 9D9F2E instructions caused by: Self-modifying code
          Source: C:\Users\user\Desktop\file.exeMemory allocated: 51B0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory allocated: 5390000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory allocated: 51B0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
          Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
          Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
          Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 4314Jump to behavior
          Source: C:\Users\user\Desktop\file.exeWindow / User API: threadDelayed 5507Jump to behavior
          Source: C:\Users\user\Desktop\file.exe TID: 7776Thread sleep time: -25825441703193356s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\file.exe TID: 7788Thread sleep count: 4314 > 30Jump to behavior
          Source: C:\Users\user\Desktop\file.exe TID: 7788Thread sleep count: 5507 > 30Jump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: file.exe, file.exe, 00000000.00000002.3032574616.0000000000990000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
          Source: Amcache.hve.9.drBinary or memory string: VMware
          Source: Amcache.hve.9.drBinary or memory string: VMware Virtual USB Mouse
          Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin
          Source: Amcache.hve.9.drBinary or memory string: VMware, Inc.
          Source: Amcache.hve.9.drBinary or memory string: VMware20,1hbin@
          Source: Amcache.hve.9.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
          Source: Amcache.hve.9.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.9.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.9.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.9.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
          Source: Amcache.hve.9.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
          Source: Amcache.hve.9.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
          Source: Amcache.hve.9.drBinary or memory string: vmci.sys
          Source: file.exe, 00000000.00000002.3033379354.000000000144B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
          Source: Amcache.hve.9.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
          Source: Amcache.hve.9.drBinary or memory string: vmci.syshbin`
          Source: Amcache.hve.9.drBinary or memory string: \driver\vmci,\driver\pci
          Source: Amcache.hve.9.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
          Source: Amcache.hve.9.drBinary or memory string: VMware20,1
          Source: Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Generation Counter
          Source: Amcache.hve.9.drBinary or memory string: NECVMWar VMware SATA CD00
          Source: Amcache.hve.9.drBinary or memory string: VMware Virtual disk SCSI Disk Device
          Source: Amcache.hve.9.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
          Source: Amcache.hve.9.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
          Source: Amcache.hve.9.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
          Source: Amcache.hve.9.drBinary or memory string: VMware PCI VMCI Bus Device
          Source: Amcache.hve.9.drBinary or memory string: VMware VMCI Bus Device
          Source: Amcache.hve.9.drBinary or memory string: VMware Virtual RAM
          Source: Amcache.hve.9.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
          Source: file.exe, 00000000.00000002.3032574616.0000000000990000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
          Source: Amcache.hve.9.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
          Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging

          barindex
          Hides threads from debuggers
          Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
          Tries to detect sandboxes and other dynamic analysis tools (window names)
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
          Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
          Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
          Source: C:\Users\user\Desktop\file.exeFile opened: SICE
          Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\file.exeMemory allocated: page read and write | page guardJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"Jump to behavior
          Source: file.exe, 00000000.00000002.3035777047.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000053CA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>1997436
          Source: file.exe, file.exe, 00000000.00000002.3035777047.000000000547D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000053E7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: file.exe, 00000000.00000002.3035777047.000000000547D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000053E7000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managert-^q
          Source: file.exe, 00000000.00000002.3035777047.000000000547D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q'PING!<Xwormmm>Program Manager<Xwormmm>0Te^qL
          Source: file.exe, 00000000.00000002.3035777047.000000000547D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000054A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: @\^q@\^q'PING!<Xwormmm>Program Manager<Xwormmm>0
          Source: file.exe, 00000000.00000002.3035777047.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000053CA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: @\^q@\^q-PING!<Xwormmm>Program Manager<Xwormmm>1997436
          Source: file.exe, 00000000.00000002.3035777047.000000000547D000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000054FE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000054A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
          Source: file.exe, 00000000.00000002.3035777047.00000000054A4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q'PING!<Xwormmm>Program Manager<Xwormmm>0Te^qhPJ
          Source: file.exe, 00000000.00000002.3035777047.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.3035777047.00000000053CA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q-PING!<Xwormmm>Program Manager<Xwormmm>1997436Te^q
          Source: file.exe, 00000000.00000002.3035777047.00000000054FE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q'PING!<Xwormmm>Program Manager<Xwormmm>0Te^q$
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: Amcache.hve.9.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
          Source: Amcache.hve.9.drBinary or memory string: msmpeng.exe
          Source: Amcache.hve.9.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
          Source: Amcache.hve.9.drBinary or memory string: MsMpEng.exe
          Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected XWorm
          Source: Yara matchFile source: 0.2.file.exe.800000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7528, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected XWorm
          Source: Yara matchFile source: 0.2.file.exe.800000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: file.exe PID: 7528, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
          Windows Management Instrumentation          		1
          Scheduled Task/Job          		12
          Process Injection          		1
          Masquerading          		OS Credential Dumping751
          Security Software Discovery          		Remote Services1
          Archive Collected Data          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts2
          Command and Scripting Interpreter          		2
          Registry Run Keys / Startup Folder          		1
          Scheduled Task/Job          		1
          Disable or Modify Tools          		LSASS Memory2
          Process Discovery          		Remote Desktop ProtocolData from Removable Media1
          Non-Standard Port          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts1
          Scheduled Task/Job          		1
          DLL Side-Loading          		2
          Registry Run Keys / Startup Folder          		361
          Virtualization/Sandbox Evasion          		Security Account Manager361
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive1
          Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
          DLL Side-Loading          		12
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
          Obfuscated Files or Information          		LSA Secrets1
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
          Software Packing          		Cached Domain Credentials214
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          DLL Side-Loading          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          file.exe32%ReversingLabs
          file.exe100%AviraHEUR/AGEN.1313526
          file.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          179.43.171.2090%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          179.43.171.209true
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://upx.sf.netAmcache.hve.9.drfalse
            		high
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namefile.exe, 00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmpfalse
              		high

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              179.43.171.209
              		unknownPanama
              		51852PLI-ASCHtrue

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1565730
              Start date and time:2024-11-30 17:19:04 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 6m 59s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:11
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:file.exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@5/6@0/1
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:Failed
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240000 for current running targets taking high CPU consumption

              Warnings

              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 20.42.73.29
              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
              • Not all processes where analyzed, report is missing behavior information
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtDeviceIoControlFile calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtProtectVirtualMemory calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • Report size getting too big, too many NtSetInformationFile calls found.
              • VT rate limit hit for: file.exe

              Simulations

              Behavior and APIs

              TimeTypeDescription
              11:19:54API Interceptor2715057x Sleep call for process: file.exe modified
              11:22:11API Interceptor1x Sleep call for process: WerFault.exe modified
              16:19:56Task SchedulerRun new task: github path: C:\Users\user\AppData\Roaming\github.exe
              16:19:59AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnk

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              179.43.171.209file.exeGet hashmaliciousXWormBrowse

                Domains

                No context

                ASNs

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                PLI-ASCHfile.exeGet hashmaliciousXWormBrowse
                • 179.43.171.209
                H4IoDDh3Rv.exeGet hashmaliciousAveMaria, PrivateLoader, UACMeBrowse
                • 176.223.112.134
                wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                • 179.43.171.197
                o4QEzeCniw.exeGet hashmaliciousUnknownBrowse
                • 179.43.182.252
                http://software.oldversion.com/download.php?f=YTo1OntzOjQ6InRpbWUiO2k6MTczMTQ4OTAwMjtzOjI6ImlkIjtpOjEzODk4O3M6NDoiZmlsZSI7czo0MzoicGRmY3JlYXRvci0xLTYtMi1QREZDcmVhdG9yLTFfNl8yX3NldHVwLmV4ZSI7czozOiJ1cmwiO3M6NTA6Imh0dHA6Ly93d3cub2xkdmVyc2lvbi5jb20vd2luZG93cy9wZGZjcmVhdG9yLTEtNi0yIjtzOjQ6InBhc3MiO3M6MzI6IjMwYzExNzY3MTEwNWY3MjhjYjA0YzU2ZjkzYTc1YTRjIjt9Get hashmaliciousUnknownBrowse
                • 81.17.20.50
                Exploit Detector LIST (2).batGet hashmaliciousUnknownBrowse
                • 179.43.180.122
                Exploit Detector LIST (2).batGet hashmaliciousUnknownBrowse
                • 179.43.180.122
                Payload 94.75 (3).225.exeGet hashmaliciousUnknownBrowse
                • 190.211.254.101
                Payload 94.75.225.exeGet hashmaliciousUnknownBrowse
                • 190.211.254.192
                file.exeGet hashmaliciousWhiteSnake StealerBrowse
                • 81.17.25.195

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_e03c1446a791a6774320993325b3bfe7a93ee1_8bc8969b_23543bc7-22dc-4eef-847c-da056f5b3b50\Report.wer

                Download File
                Process:C:\Windows\SysWOW64\WerFault.exe
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):65536
                Entropy (8bit):1.287231271048851
                Encrypted:false
                SSDEEP:192:h7xXBpZvlsyOf0BU/fI3juavt8CHzozuiFqZ24IO8HVB:9HPemBU/Yj9+i8zuiFqY4IO87
                MD5:7F052F60F822A68E76607F33E4FEF5E9
                SHA1:09AAE9D84378C720BDD1B8CC6DB3891C2AC85234
                SHA-256:D70B1B9E930D6172B6FE18438D44F057F47F4E74710B2D7035DB2492B868CF17
                SHA-512:772077CAB1E436AB85D802830D7690EFFC78717AB653CBA6D9CD74314E0A2B386C82F039FB25D66A711B6D40D13774980937B5035C1B2F84DFAEF43D8E8C3EB1
                Malicious:true
                Reputation:low
                Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.4.5.7.3.0.4.2.2.4.6.1.5.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.4.5.7.3.0.5.5.0.5.8.6.7.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.3.5.4.3.b.c.7.-.2.2.d.c.-.4.e.e.f.-.8.4.7.c.-.d.a.0.5.6.f.5.b.3.b.5.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.6.4.8.b.7.e.d.-.d.2.5.0.-.4.9.8.9.-.b.d.7.8.-.5.9.5.d.3.c.2.8.e.f.1.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.g.i.t.h.u.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.6.8.-.0.0.0.1.-.0.0.1.4.-.4.1.6.d.-.3.0.b.0.4.3.4.3.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.d.b.1.f.5.e.c.8.4.6.3.4.e.a.0.3.a.7.9.a.6.5.e.9.8.c.e.4.7.d.0.a.0.0.0.0.0.0.0.0.!.0.0.0.0.9.6.b.5.8.d.8.9.d.d.f.e.d.d.a.3.d.c.8.d.a.e.b.b.4.3.9.1.a.b.e.4.0.8.4.3.2.5.3.e.!.f.i.l.

                C:\ProgramData\Microsoft\Windows\WER\Temp\WERB1AB.tmp.dmp

                Download File
                Process:C:\Windows\SysWOW64\WerFault.exe
                File Type:Mini DuMP crash report, 14 streams, Sat Nov 30 16:21:44 2024, 0x1205a4 type
                Category:dropped
                Size (bytes):514162
                Entropy (8bit):2.761887453438018
                Encrypted:false
                SSDEEP:3072:Y6gYfZh78I4uEq2EELTgkt/7yYrT2xTM0NBTr:rPP8I4lE6TgS/7yYri
                MD5:1ADFD95264F08C0814120AFADD0042DA
                SHA1:7E056964E5D5D3BDE68FBFD170812BD37D2FEA90
                SHA-256:D3738C75C5973AA1A03E3E0F08AE5F5E8C3ADC7AC526D411BB10EF9534AF9020
                SHA-512:159F0386A6FD4441804BD596E3A431BE9EE8D85BC4B65DEB7727CCDE631C88B19E1148862EB9CF9C2F34C9C5F22EFCEBD786A252C68DEFC9F304124704ECE7EE
                Malicious:false
                Reputation:low
                Preview:MDMP..a..... ........;Kg............D...........$%..L.......$+.............T.......8...........T...........HY..*...........p4..........\6..............................................................................eJ.......6......GenuineIntel............T.......h...);Kg....1........................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

                C:\ProgramData\Microsoft\Windows\WER\Temp\WERB5C3.tmp.WERInternalMetadata.xml

                Download File
                Process:C:\Windows\SysWOW64\WerFault.exe
                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):8390
                Entropy (8bit):3.6911639209534237
                Encrypted:false
                SSDEEP:192:R6l7wVeJ4CH6vOwe6Y9kSUd+zgmfZDR2prl89bH4jsfaVlOm:R6lXJP6v46Y+SUd+zgmf7pH4Ifa/X
                MD5:DF8621B40975DAE735DAF9838AAA7064
                SHA1:4393D7C94260278D79B4821FAED5065789FBCB78
                SHA-256:9CCE4A67E7DB76C5634AC6A0F423F52A6B2EC5220D30198830B5197F95566E35
                SHA-512:F59AF4F8705AC55FAC3DD7C255D01215A892C529BD6A1C188F8150AF974CE53E1C28A0A1B385C383741A4EDE590FE1EC823AEE8E8883DD48EC172D4519E02873
                Malicious:false
                Reputation:low
                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.2.8.<./.P.i.

                C:\ProgramData\Microsoft\Windows\WER\Temp\WERB5F3.tmp.xml

                Download File
                Process:C:\Windows\SysWOW64\WerFault.exe
                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):4710
                Entropy (8bit):4.434149525201229
                Encrypted:false
                SSDEEP:48:cvIwWl8zsZ4Jg77aI94zWpW8VY/Ym8M4JR6xFV+q8vN6GKyGeTNd:uIjfwI7aC7VzJ4ZKEGKleTNd
                MD5:7D0D91C323C8BE71AF57C7B2481E342A
                SHA1:1C78F64AED70F4C932798C76DDDAEFBDFD237022
                SHA-256:4186A6C11FC87870646DF63718E17D9B11142FE2E9E360C45D7DA07717A85D72
                SHA-512:E7A16E43D032B12FA583C8B812E0D8069BAF26EBFE0D45AF85C8536541FC8486C38A64404C49FCBFF4A4D7C09B0B4743A324DF18928308296C765420DB7FE1D6
                Malicious:false
                Reputation:low
                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="611004" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\github.lnk

                Download File
                Process:C:\Users\user\Desktop\file.exe
                File Type:MS Windows shortcut, Item id list present, Has Relative path, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                Category:dropped
                Size (bytes):806
                Entropy (8bit):3.0313025183053437
                Encrypted:false
                SSDEEP:12:8gl0hsXowAOcQ/tz0/CSLS0KvEAIeEAwgTCNfBT/v4t2YZ/elFlSJm:8iLDWL2vLXLwVpdqy
                MD5:62E1588ED39BC434699F221C98E7F416
                SHA1:2453CC7C2512ACA85F49AEF138F12C4CA77E9E1E
                SHA-256:F05794F6003167AE87863074F82A3CB39087CA01617FD4F95E2A22BF9AD5D459
                SHA-512:6EFF872D3DA31495A3FCA14FF64C18018691CCD3180B7BBD4FF505247787A42B96FE33F2197AFB40F6D7A54ABAF644334843504C9DD0FD182CB9CCA3C9FEEBA6
                Malicious:false
                Reputation:low
                Preview:L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....`.2...........github.exe..F............................................g.i.t.h.u.b...e.x.e.............\.....\.....\.....\.....\.g.i.t.h.u.b...e.x.e.............y.............>.e.L.:..er.=y...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.................

                C:\Windows\appcompat\Programs\Amcache.hve

                Download File
                Process:C:\Windows\SysWOW64\WerFault.exe
                File Type:MS Windows registry file, NT/2000 or above
                Category:dropped
                Size (bytes):1835008
                Entropy (8bit):4.465471114235031
                Encrypted:false
                SSDEEP:6144:LIXfpi67eLPU9skLmb0b4bWSPKaJG8nAgejZMMhA2gX4WABl0uNPdwBCswSby:MXD94bWlLZMM6YFH1+y
                MD5:C7C8F5DF9FD6FEE76D89F33550F851AF
                SHA1:BBE95A9A2889290D45B58986929BAE7AAF5AA498
                SHA-256:A93A933615146DD3A0FD4A2373AC000D26990027BA60E2C4DBBB4FECEF69B83F
                SHA-512:6E8BA170DB9DF73EFD5ADCE4A1C8BE495689B72E130956E5D185BC966A58538975AF3DC076899D70AF363D2A9D046763FD5866AFA9EB97DBE000CD0F803B7E76
                Malicious:false
                Reputation:low
                Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmJs..CC..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                Static File Info

                General

                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                Entropy (8bit):7.9350018891587055
                TrID:
                • Win32 Executable (generic) a (10002005/4) 99.96%
                • Generic Win/DOS Executable (2004/3) 0.02%
                • DOS Executable Generic (2002/1) 0.02%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:file.exe
                File size:1'723'904 bytes
                MD5:7ac5198e128deda55eeeb6ccfc8b57ea
                SHA1:96b58d89ddfedda3dc8daebb4391abe40843253e
                SHA256:887a2e09a1e373ad3f5224a8464b0e5b4ebe4a344958c2d9c91cbd42a54f1241
                SHA512:806e4cbf2b47aff1e0bfb89fa13d55d10290c4cabb97e675808f3dbdcb7633d8fd97fc10619efd1c0ee8d11a0c15c0604ccfc32d9a60979542a5235087127818
                SSDEEP:49152:KQ4SuBDQC/lhGT3uXQqxxi0se9ZqMUO7kF:2S8QilVXBwgq
                TLSH:7B8533421A25B076C4B99AFF1346C3B0889972D19162A73BBEC9772C9B435DD73C2CE1
                File Content Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r0Kg.................~........... D.. ........@.. .......................`D...........@................................

                File Icon

                Icon Hash:90cececece8e8eb0

                Static PE Info

                General

                Entrypoint:0x842000
                Entrypoint Section:.taggant
                Digitally signed:false
                Imagebase:0x400000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                DLL Characteristics:DYNAMIC_BASE
                Time Stamp:0x674B3072 [Sat Nov 30 15:34:10 2024 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:4
                OS Version Minor:0
                File Version Major:4
                File Version Minor:0
                Subsystem Version Major:4
                Subsystem Version Minor:0
                Import Hash:2eabe9054cad5152567f0699947a2c5b

                Entrypoint Preview

                Instruction
                jmp 00007FAD68512A6Ah
                cvttps2pi mm3, qword ptr [edx]
                add byte ptr [eax], al
                add byte ptr [eax], al
                add cl, ch
                add byte ptr [eax], ah
                add byte ptr [eax], al
                add byte ptr [eax], cl
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [edx], ah
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [esi], al
                or al, byte ptr [eax]
                add byte ptr [ecx], al
                or al, byte ptr [eax]
                add byte ptr [0000000Ah], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [edx+ecx], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add dword ptr [eax+00000000h], eax
                add byte ptr [eax], al
                adc byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add eax, 0000000Ah
                add byte ptr [eax], al
                add byte ptr [eax], dh
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [eax], al
                add byte ptr [edi], bl
                add byte ptr [eax+000000FEh], ah

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0xc0550x69.idata
                IMAGE_DIRECTORY_ENTRY_RESOURCE0xa0000x438.rsrc
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0xc1f80x8.idata
                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                0x20000x80000x400055c153089f9a7a78462ab56439b612f1False0.98553466796875data7.928832262074926IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .rsrc0xa0000x4380x40099ed269b050e92fb505662e7e6fedeb3False0.5791015625data4.924615289563029IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .idata 0xc0000x20000x200ef799d04f0bcc64d595195637d8ea585False0.1484375data0.9342685949460681IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                0xe0000x2960000x2003262c01ac9917ea82b264fa0ea117009unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                dvpnmyli0x2a40000x19c0000x19c0008d6c99c8db547d9cd0564b159d05143fFalse0.9949074161862864data7.95384464177905IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                lhlewnhz0x4400000x20000x400684b11b2f8e2f5387216d33c1e1e4b6aFalse0.7861328125data6.145502119326234IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                .taggant0x4420000x40000x2200de3ab96900c192c50dee7304fb69fbeaFalse0.06364889705882353DOS executable (COM)0.795610140776652IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                Resources

                NameRVASizeTypeLanguageCountryZLIB Complexity
                RT_VERSION0x43fc3c0x244data0.4706896551724138
                RT_MANIFEST0x43fe800x152ASCII text, with CRLF line terminators0.6479289940828402

                Imports

                DLLImport
                kernel32.dlllstrcpy

                Network Behavior

                Suricata IDS Alerts

                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                2024-11-30T17:20:08.583016+01002855924ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:09.010710+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:09.245403+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:19.643363+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:19.645453+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:22.214594+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:22.214594+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:30.299793+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:30.302783+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:40.975938+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:40.977605+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:51.611824+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:51.614357+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:52.221493+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:52.221493+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:57.300061+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:57.390071+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:57.501283+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:57.510176+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:57.702545+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:57.801462+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:57.836221+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:57.921504+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:58.523684+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:58.614643+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:58.726283+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:58.846503+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:58.927385+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:59.175390+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:59.253649+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:59.429051+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:59.500582+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:59.826371+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:20:59.872423+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:20:59.992727+01002853193ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:00.220954+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:00.234009+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:00.496387+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:00.572970+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:00.616370+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:00.684049+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:00.771455+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:00.817675+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:00.949361+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:01.674936+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:01.705483+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:01.876034+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:01.917490+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:02.026735+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:02.039160+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:02.150407+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:02.163768+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:02.475069+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:02.518922+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:02.716808+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:02.765160+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:02.798538+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:03.004746+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:03.008842+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:03.280556+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:03.283530+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:03.452108+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:03.525261+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:03.525609+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:03.606363+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:03.609512+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:03.939473+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:04.082277+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:04.202510+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:04.835903+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:04.838588+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:05.283334+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:05.284859+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:05.587885+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:05.788977+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:05.822962+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:06.002525+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:06.129911+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:06.144230+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:06.248777+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:06.248891+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:06.311705+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:06.470566+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:06.471938+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:07.157688+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:07.160354+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:07.358637+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:07.366014+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:08.122943+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:08.308332+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:08.364889+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:08.365000+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:08.391474+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:08.432265+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:08.485097+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:08.676654+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:08.878075+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:09.208438+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:09.209974+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:09.350039+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:09.352971+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:09.538230+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:09.677063+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:09.809514+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:09.945229+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:09.946512+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:10.135086+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:10.537834+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:10.722492+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:10.814591+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:10.848447+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:11.139281+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:11.300906+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:11.387887+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:11.420972+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:11.689039+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:11.690327+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:11.977024+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:12.143642+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:12.276870+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:12.278225+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:12.599489+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:12.727657+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:12.864702+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:12.866430+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:13.468252+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:13.470601+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:13.793135+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:13.877828+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:13.914209+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:14.137117+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:14.203520+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:14.235993+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:14.265497+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:14.338261+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:14.431464+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:14.990310+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:15.012562+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:15.219611+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:15.337206+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:15.339581+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:15.792336+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:15.821799+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:16.047084+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:16.064012+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:16.265635+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:16.288236+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:16.489747+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:16.505748+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:16.586999+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:16.610277+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:16.610319+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:16.632546+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:16.706993+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:16.943682+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:17.192697+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:17.280955+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:18.019409+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:18.026519+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:18.173412+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:18.176484+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:18.347796+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:18.348419+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:18.989897+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:18.991945+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:19.271106+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:19.280058+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:19.581049+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:19.641471+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:19.835968+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:19.956405+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:20.768322+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:20.915720+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:20.968158+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:21.045838+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:21.091430+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:21.169534+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:21.341476+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:21.673838+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:21.749806+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:21.950021+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:22.072285+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:22.151360+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:22.235529+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:22.498972+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:22.553728+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:22.678499+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:23.131037+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:23.936828+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:23.986641+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:24.138116+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:24.189533+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:24.428499+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:24.583203+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:24.784286+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:24.875730+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:25.035670+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:25.038643+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:25.226072+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:25.331980+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:25.359924+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:25.499508+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:25.653275+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:25.672941+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:26.659268+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:26.734380+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:26.810089+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:26.854602+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:27.055801+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:27.151493+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:27.423442+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:27.425408+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:27.594974+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:28.063602+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:28.072836+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:28.295589+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:28.385566+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:28.385826+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:28.417526+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:28.508667+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:28.601560+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:30.012362+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:30.013234+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:30.260786+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:30.341052+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:30.341553+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:30.582762+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:30.583589+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:30.749619+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:30.993442+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.037548+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:31.247616+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.331551+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:31.365092+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.566902+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.570138+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:31.654341+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.686962+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:31.771208+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.806953+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:31.888216+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:31.892544+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:32.008185+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.015911+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:32.107607+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.356718+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.422992+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.423040+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:32.543451+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.664643+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.744366+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.745550+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:32.945541+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:32.964190+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:33.046171+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:33.165624+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:33.408710+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:33.474752+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:33.652707+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:33.730183+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:33.853771+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:33.931303+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.052507+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.114406+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:34.273089+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.292710+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:34.373996+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.494034+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.498249+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:34.615675+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.619590+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:34.699343+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.739784+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:34.819404+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.937354+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:34.984099+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:35.146673+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.185318+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.185386+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:35.305420+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:35.319611+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.386456+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.386537+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:35.467917+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.587596+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.822725+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:35.891457+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:36.222520+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:36.300524+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:36.501709+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:36.510442+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:36.741127+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:36.754633+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:36.904853+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:36.984703+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:36.984767+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:37.067523+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:37.078518+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:37.185877+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:37.192653+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:37.407888+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:37.471596+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:37.670526+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:37.682296+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:37.793084+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:37.907377+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:38.681967+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:38.825002+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:38.915611+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:39.373600+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:39.451317+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:39.496390+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:39.615783+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:39.616607+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:39.693286+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:39.779486+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:39.817684+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:39.894018+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:39.895566+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:39.940572+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:40.143981+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:40.158851+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:40.264621+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:40.351694+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:40.388721+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:40.472045+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:41.811656+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:41.814292+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:42.012797+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:42.013577+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:42.576102+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:42.619959+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:42.697012+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:42.740975+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:42.820984+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:42.861091+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:42.942147+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:43.062207+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:43.142475+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:43.143783+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:43.368377+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:43.383783+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:43.816319+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:43.829587+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:44.030788+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:44.056667+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:44.154611+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:44.300168+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:44.866152+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:44.948367+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:44.948422+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:21:45.069032+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:45.451221+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:52.236844+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:21:52.236844+01002852874ETPRO MALWARE Win32/XWorm CnC PING Command Inbound M21179.43.171.2097000192.168.2.449730TCP
                2024-11-30T17:22:12.165081+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449730179.43.171.2097000TCP
                2024-11-30T17:22:12.887645+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1179.43.171.2097000192.168.2.449730TCP

                Network Port Distribution

                TCP Packets

                TimestampSource PortDest PortSource IPDest IP
                Nov 30, 2024 17:19:57.577586889 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:19:57.701719046 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:19:57.701924086 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:19:57.839016914 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:19:57.964528084 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:08.583015919 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:08.709357977 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:09.010710001 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:09.065313101 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:09.245403051 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:09.366086960 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:19.222011089 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:19.342288017 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:19.643362999 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:19.645452976 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:19.765765905 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:22.214593887 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:22.255938053 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:29.878207922 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:29.998410940 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:30.299793005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:30.302783012 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:30.422804117 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:40.534327984 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:40.660999060 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:40.975938082 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:40.977605104 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:41.097594023 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:51.190617085 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:51.310652971 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:51.611824036 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:51.614356995 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:51.735913038 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:52.221493006 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:52.268562078 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:56.878978014 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:56.998909950 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:56.999001026 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.182224989 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.269470930 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.300060987 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.346663952 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.389451981 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.390070915 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.501282930 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.510123014 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.510175943 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.634987116 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.702544928 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.753055096 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.801461935 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.836220980 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.877908945 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:57.921432018 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:57.921504021 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.041939974 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.042668104 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.162928104 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.300704002 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.425280094 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.488316059 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.523684025 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.565395117 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.614597082 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.614643097 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.726283073 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.726334095 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.735033989 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.846451998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.846503019 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.927385092 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.927449942 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:58.967267036 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:58.967317104 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.047419071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.047470093 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.087462902 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.087507010 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.168067932 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.175390005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.221646070 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.251477957 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.253648996 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.377053022 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.377172947 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.429050922 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.471666098 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.500423908 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.500581980 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.578430891 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.624973059 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.625102043 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.672741890 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.721709013 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.751588106 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.751879930 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.826370955 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.872083902 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.872422934 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:20:59.992470980 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:20:59.992727041 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.113028049 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.113466024 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.220953941 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.233896971 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.234009027 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.353967905 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.354017973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.422310114 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.477452993 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.496387005 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.572969913 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.573021889 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.616309881 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.616369963 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.684048891 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.694207907 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.736346006 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.737282038 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.771455050 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.817675114 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.891750097 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:00.940407991 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:00.949361086 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.069854021 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.253633022 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.373909950 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.409468889 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.531256914 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.585094929 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.674936056 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.675124884 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.705051899 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.705482960 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.796308041 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.796365976 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:01.825531960 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.876034021 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.916980982 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:01.917490005 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.026735067 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.026782036 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.039064884 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.039160013 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.150407076 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.150573015 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.150729895 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.163641930 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.163768053 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.273921967 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.274050951 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.286483049 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.352132082 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.394068003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.397491932 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.475069046 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.477770090 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.517486095 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.518922091 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.597280979 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.597781897 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.640053034 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.640331984 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.716808081 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.716886997 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.765108109 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.765160084 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.798537970 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.798599958 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.883435965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.883481026 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:02.891995907 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:02.925041914 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.004745960 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.008769035 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.008841991 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.128825903 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.128879070 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.248820066 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.280555964 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.283529997 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.450207949 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.452107906 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.525260925 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.525609016 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.606363058 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.609512091 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.699460030 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.726281881 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.729460001 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:03.831057072 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:03.939472914 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.059382915 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.082277060 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.202447891 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.202510118 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.322628975 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.322681904 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.442656994 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.442707062 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.564346075 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.564388037 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.687771082 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.835902929 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:04.838587999 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:04.958686113 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.034487009 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.082154989 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.143563986 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.154576063 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.154649019 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.276478052 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.283334017 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.284858942 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.447674990 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.581449986 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.587884903 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.701514006 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.701746941 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.788976908 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.789041042 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.822797060 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.822962046 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:05.910151005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:05.943064928 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.002525091 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.003144026 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.129868984 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.129910946 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.144229889 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.248776913 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.248891115 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.311467886 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.311705112 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.373995066 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.431710005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.470566034 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.471937895 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.639494896 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.639642000 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.759629011 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:06.759722948 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:06.879834890 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.157687902 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.160353899 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:07.280440092 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.358637094 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.366014004 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:07.481894970 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.489166021 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.489259958 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:07.616039991 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.616096973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:07.741647005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.745515108 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:07.865649939 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.865808964 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:07.986885071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:07.986943960 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.107192039 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.107291937 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.122942924 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.267611980 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.271437883 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.271588087 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.308331966 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.308407068 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.364888906 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.365000010 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.391428947 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.391474009 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.432265043 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.484934092 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.485096931 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.511378050 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.565936089 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.605087042 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.605158091 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.676654100 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.676940918 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.727776051 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.727824926 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.801342010 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.850678921 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.862799883 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:08.878074884 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:08.940469980 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.027586937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.027628899 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.148642063 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.208437920 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.209974051 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.337083101 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.350039005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.352971077 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.523488998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.523547888 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.538229942 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.641495943 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.644023895 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.644083977 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.677062988 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.807532072 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.809514046 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:09.933784962 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.945229053 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:09.946511984 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.111525059 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.111814022 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.135086060 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.231833935 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.231904984 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.270443916 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.395503998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.395615101 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.521217108 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.523699045 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.537833929 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.643559933 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.687433958 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.687555075 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.722491980 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.814327955 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.814590931 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.848447084 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.940429926 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:10.979450941 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:10.979501963 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.015749931 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.099632978 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.099677086 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.139281034 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.237317085 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.267451048 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.267503977 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.300905943 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.346709967 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.387583017 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.387887001 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.420972109 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.534241915 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.555485964 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.555532932 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.675654888 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.689038992 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.690326929 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.855529070 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.855592012 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.976038933 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:11.976134062 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:11.977024078 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.034183025 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.143450975 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.143641949 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.263664961 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.276870012 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.278224945 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.443538904 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.443605900 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.464962959 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.534179926 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.563771009 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.563816071 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.599488974 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.643558979 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.727530003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.727657080 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:12.849040985 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.864701986 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:12.866430044 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.031511068 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.031583071 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.151743889 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.151846886 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.271774054 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.347090006 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.468251944 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.468302011 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.470541000 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.470601082 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.591784954 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.591855049 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.593750954 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.669414997 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.669508934 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.711750031 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.713500977 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.791722059 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.791790962 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.793134928 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.846688986 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.877623081 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.877827883 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:13.913346052 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:13.914208889 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.034203053 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.034890890 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.034980059 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.137116909 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.137181044 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.203454971 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.203520060 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.235992908 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.263784885 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.265496969 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.331156015 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.338260889 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.431416988 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.431463957 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.465049982 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.465096951 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.555372953 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.555421114 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.580652952 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.639770985 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.639828920 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.677324057 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.759757042 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.759807110 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.883151054 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:14.883197069 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:14.990309954 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.012516975 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.012562037 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.135983944 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.218111038 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.219610929 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.337205887 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.337518930 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.339504957 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.339581013 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.456594944 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.457444906 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.459467888 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.459517956 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.579469919 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.579514027 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.699464083 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.701735973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.792335987 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.821748018 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.821799040 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:15.941682100 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:15.941816092 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.047084093 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.047146082 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.063955069 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.064012051 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.167992115 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.168045044 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.185589075 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.265635014 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.265691042 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.288192034 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.288235903 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.385592937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.385638952 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.408155918 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.489747047 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.505703926 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.505748034 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.586998940 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.610276937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.610318899 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.632505894 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.632545948 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.706993103 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.734307051 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.755551100 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:16.846694946 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:16.943681955 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:17.033792973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:17.192697048 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:17.280955076 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:17.400904894 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:17.400957108 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:17.526258945 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:17.597351074 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:17.717329979 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:17.717525959 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:17.844316959 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:17.845530987 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:17.972089052 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.019408941 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.026519060 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:18.146420002 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.173412085 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.176484108 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:18.347495079 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.347795963 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.348418951 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:18.470509052 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.566168070 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:18.688709021 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.849167109 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:18.970026970 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.989897013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:18.991945028 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:19.159451962 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.159545898 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:19.271106005 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.271163940 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:19.280006886 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.280057907 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:19.398488998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.406764984 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.581048965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.641470909 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:19.768414974 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.828824043 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.835968018 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:19.956355095 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:19.956404924 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.077833891 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.347217083 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.467251062 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.469526052 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.589545965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.589637041 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.714482069 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.717540979 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.768321991 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.809371948 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.843858957 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.843955994 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:20.915719986 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.968091011 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:20.968158007 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.045838118 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.091387987 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.091429949 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.169533968 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.169611931 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.217494965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.217550993 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.292007923 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.295455933 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.295799017 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.341356993 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.341475964 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.415640116 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.434271097 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.507558107 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.507853985 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.627867937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.628005981 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.673837900 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.677768946 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.748718023 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.749805927 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.798662901 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.799089909 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.829225063 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.911401033 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.911763906 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:21.920960903 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:21.950021029 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.072284937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.072722912 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.151360035 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.151694059 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.235466003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.235528946 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.271759033 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.273663044 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.331083059 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.352432013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.352478981 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.403429985 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.477165937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.498971939 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.553728104 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.620305061 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.643589973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:22.678498983 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:22.831082106 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.131036997 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.250915051 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.250962019 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.370897055 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.370949030 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.491168976 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.491247892 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.611238956 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.611449957 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.737853050 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.737896919 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.863898993 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.864056110 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:23.936827898 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.986584902 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:23.986640930 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.106966019 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.107089043 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.138115883 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.141526937 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.187933922 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.189532995 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.261490107 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.261691093 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.308348894 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.381822109 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.381877899 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.428498983 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.583203077 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.583270073 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.709180117 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.709245920 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.784286022 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.784341097 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.875494957 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.875730038 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.904870987 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:24.904928923 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:24.996181965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.025243044 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.035670042 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.038642883 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.211431026 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.211560965 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.226072073 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.331918001 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.331979990 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.359924078 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.481514931 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.499429941 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.499507904 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.533282042 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.620476007 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.643589973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.653275013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.672940969 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.839483976 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:25.839612961 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:25.959650993 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.238101006 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.358089924 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.358185053 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.481405020 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.487737894 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.608438969 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.608493090 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.659267902 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.734328032 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.734380007 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.810089111 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.854549885 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.854602098 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.935519934 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.935595036 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:26.974497080 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:26.974714994 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.055546999 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.055628061 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.055800915 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.143594027 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.151427031 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.151493073 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.175748110 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.175792933 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.273525000 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.273694038 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.393656969 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.423441887 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.425407887 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.587435007 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.587498903 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.594974041 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.643595934 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.707567930 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.707617044 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.827538013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.827668905 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:27.948021889 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:27.948086023 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.063601971 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.063846111 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.072571993 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.072835922 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.184221983 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.237025976 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.292218924 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.295588970 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.385565996 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.385826111 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.415618896 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.417526007 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.506531954 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.508666992 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.599508047 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:28.601560116 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:28.722161055 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:29.588907957 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:29.710875988 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:29.710920095 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:29.831629038 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:29.831693888 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:29.957403898 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.012362003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.013233900 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.137454033 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.137506962 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.258353949 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.258611917 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.260786057 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.341052055 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.341552973 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.423444986 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.425546885 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.463677883 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.548201084 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.582762003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.583589077 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.749619007 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.749675035 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.911438942 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.913532972 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:30.993442059 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:30.993494987 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.036310911 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.037548065 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.120279074 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.120330095 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.163675070 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.165535927 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.243037939 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.245544910 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.247616053 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.293652058 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.331504107 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.331551075 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.365092039 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.365370035 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.365544081 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.448750019 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.448798895 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.453077078 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.453182936 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.485822916 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.566901922 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.566977024 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.569937944 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.570137978 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.574227095 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.654340982 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.686893940 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.686961889 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.690097094 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.771208048 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.771265984 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.806898117 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.806952953 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.888216019 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.889544964 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.892482042 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:31.892544031 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:31.927551985 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.008184910 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.008266926 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.015866041 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.015911102 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.019325018 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.107606888 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.107717991 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.221811056 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.221863031 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.222367048 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.254878044 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.255089045 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.342175961 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.342233896 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.356718063 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.422991991 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.423039913 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.523413897 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.523466110 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.543113947 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.543451071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.591100931 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.664643049 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.665558100 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.744365931 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.745549917 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.835438013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.837543964 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.844774008 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.871295929 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.873543978 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.945540905 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.945589066 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:32.964126110 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:32.964190006 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.000113964 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.000159979 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.046170950 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.090923071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.090976000 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.165623903 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.165694952 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.273516893 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.273669958 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.347404957 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.347460985 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.393644094 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.408710003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.408777952 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.474685907 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.474751949 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.575428963 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.575521946 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.594624996 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.594857931 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.643604040 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.652707100 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.655553102 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.730182886 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.730268955 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.823401928 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.823457956 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.851092100 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.853770971 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.931303024 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.931380987 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:33.991420984 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:33.991481066 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.052506924 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.052552938 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.052826881 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.114244938 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.114406109 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.172564983 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.172621965 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.234405041 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.273088932 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.292623043 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.292710066 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.373996019 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.374047041 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.414328098 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.415586948 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.494034052 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.498039007 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.498249054 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.539397955 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.615674973 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.615730047 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.618292093 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.619590044 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.699342966 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.699846029 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.736011028 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.739784002 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.739991903 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.819403887 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.819487095 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.819793940 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.861835003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.861881971 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:34.937354088 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.940162897 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.984003067 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:34.984098911 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.020936012 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.143611908 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.146672964 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.146738052 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.185317993 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.185385942 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.305372953 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.305419922 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.319611073 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.319838047 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.386456013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.386537075 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.439901114 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.440148115 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.467916965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.532830954 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.551466942 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.551528931 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.560246944 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.587595940 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.587661982 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.707591057 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.707653999 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:35.822725058 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.891407013 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:35.891457081 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.016129971 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.016313076 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.023798943 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.143640041 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.179426908 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.179533005 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.222520113 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.223922968 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.300465107 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.300523996 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.337441921 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.337539911 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.387440920 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.387523890 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.423182964 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.463141918 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.463401079 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.501708984 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.510385036 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.510442019 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.583393097 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.583446980 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.630656004 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.703610897 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.741127014 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.754632950 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.904853106 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.904936075 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:36.984703064 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:36.984766960 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.067466021 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.067523003 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.078517914 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.105854988 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.105916023 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.185877085 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.185945034 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.192594051 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.192652941 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.232749939 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.407887936 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.471535921 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.471596003 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.591864109 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.670526028 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.682296038 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:37.793083906 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.809226036 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:37.907377005 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.030149937 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.254265070 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.380790949 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.380887032 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.501065969 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.501183987 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.623296976 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.623356104 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.681967020 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.682027102 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.748140097 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.748182058 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.806438923 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.806615114 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.825001955 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.825057030 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.915476084 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.915611029 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.928985119 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.929040909 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:38.933337927 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:38.933418989 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.038111925 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.052165031 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.052411079 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.057063103 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.129816055 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.129889965 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.172375917 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.175029993 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.239371061 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.239424944 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.249820948 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.249924898 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.295047998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.370856047 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.370913029 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.370959997 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.373600006 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.451086998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.451317072 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.496390104 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.496445894 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.615478992 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.615782976 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.616466045 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.616606951 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.693285942 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.693352938 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.779444933 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.779485941 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.814275026 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.814326048 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.817683935 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.894017935 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.895565987 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:39.939764977 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:39.940572023 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:40.063180923 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:40.143980980 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:40.158850908 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:40.264621019 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:40.331140995 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:40.351439953 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:40.351694107 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:40.388720989 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:40.440520048 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:40.471816063 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:40.472044945 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:40.591981888 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:41.363078117 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:41.483522892 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:41.483836889 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:41.629687071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:41.811655998 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:41.814291954 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:41.939143896 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.012797117 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.013576984 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.133666039 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.133714914 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.253612995 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.253757000 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.373953104 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.375606060 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.495769024 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.499768972 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.576102018 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.576159000 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.619700909 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.619959116 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.697011948 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.697241068 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.740923882 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.740974903 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.820983887 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.821145058 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.860965967 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.861090899 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:42.941164017 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.942147017 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:42.942212105 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.023433924 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.023668051 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.062206984 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.062236071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.142474890 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.142548084 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.143732071 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.143783092 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.262505054 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.262628078 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.263753891 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.368376970 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.369302988 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.382853031 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.383783102 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.489665985 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.489852905 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.504205942 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.583955050 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.584002972 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.614947081 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.615000010 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.690834999 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.709553003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.709600925 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.738415003 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.738456011 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.816318989 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.816402912 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.829541922 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.829586983 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.858372927 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.858542919 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.910795927 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.910865068 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.936407089 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.936578989 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:43.949737072 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.978538036 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:43.978583097 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.030787945 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.030855894 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.030888081 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.056612968 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.056667089 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.098795891 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.098890066 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.150743961 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.150793076 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.154611111 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.224184990 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.224251986 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.232139111 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.300168037 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.300261021 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.425527096 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.425601959 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.544764996 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.544821024 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.626744032 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.626861095 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.746854067 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.747287989 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.866152048 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.866240978 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:44.948367119 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:44.948421955 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:45.068799019 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:45.069031954 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:45.187438965 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:45.187484026 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:45.451220989 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:45.645545006 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:21:52.236844063 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:21:52.284293890 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:22:12.165081024 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:22:12.459487915 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:22:12.460537910 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:22:12.586471081 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:22:12.824214935 CET497307000192.168.2.4179.43.171.209
                Nov 30, 2024 17:22:12.887645006 CET700049730179.43.171.209192.168.2.4
                Nov 30, 2024 17:22:12.887706995 CET497307000192.168.2.4179.43.171.209

                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                High Level Behavior Distribution

                Click to dive into process behavior distribution

                Behavior

                Click to jump to process

                System Behavior

                General

                Target ID:0
                Start time:11:19:53
                Start date:30/11/2024
                Path:C:\Users\user\Desktop\file.exe
                Wow64 process (32bit):true
                Commandline:"C:\Users\user\Desktop\file.exe"
                Imagebase:0x800000
                File size:1'723'904 bytes
                MD5 hash:7AC5198E128DEDA55EEEB6CCFC8B57EA
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Yara matches:
                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.3032446698.0000000000802000.00000040.00000001.01000000.00000003.sdmp, Author: ditekSHen
                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000003.1666415670.0000000004FA0000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.3035777047.0000000005391000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                Reputation:low
                Has exited:true

                General

                Target ID:1
                Start time:11:19:56
                Start date:30/11/2024
                Path:C:\Windows\SysWOW64\schtasks.exe
                Wow64 process (32bit):true
                Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "github" /tr "C:\Users\user\AppData\Roaming\github.exe"
                Imagebase:0xa70000
                File size:187'904 bytes
                MD5 hash:48C2FE20575769DE916F48EF0676A965
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                General

                Target ID:2
                Start time:11:19:56
                Start date:30/11/2024
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff7699e0000
                File size:862'208 bytes
                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                General

                Target ID:9
                Start time:11:21:44
                Start date:30/11/2024
                Path:C:\Windows\SysWOW64\WerFault.exe
                Wow64 process (32bit):true
                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 2632
                Imagebase:0x170000
                File size:483'680 bytes
                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Disassembly

                Reset < >

                  Execution Graph

                  Execution Coverage:16.6%
                  Dynamic/Decrypted Code Coverage:100%
                  Signature Coverage:0%
                  Total number of Nodes:51
                  Total number of Limit Nodes:6
                  execution_graph 14453 5365cc8 14454 5365ccc 14453->14454 14457 5365e40 14454->14457 14463 5365f58 14454->14463 14458 5365e7c 14457->14458 14459 5365f7f 14458->14459 14469 5366313 14458->14469 14473 53663e0 14458->14473 14477 53663f0 14458->14477 14459->14454 14464 5365f2f 14463->14464 14465 5365f7f 14464->14465 14466 5366313 3 API calls 14464->14466 14467 53663f0 3 API calls 14464->14467 14468 53663e0 3 API calls 14464->14468 14465->14454 14466->14464 14467->14464 14468->14464 14471 536631d 14469->14471 14470 536637d 14471->14470 14481 5366c50 14471->14481 14474 53663ef 14473->14474 14476 5366c50 3 API calls 14474->14476 14475 53664f6 14476->14475 14478 5366415 14477->14478 14480 5366c50 3 API calls 14478->14480 14479 53664f6 14480->14479 14482 5366c75 14481->14482 14486 536b6a0 14482->14486 14490 536b691 14482->14490 14483 5366ed0 14483->14470 14487 536b6c5 14486->14487 14494 536b938 14487->14494 14488 536b727 14488->14483 14491 536b6c5 14490->14491 14493 536b938 3 API calls 14491->14493 14492 536b727 14492->14483 14493->14492 14498 536b970 14494->14498 14506 536b980 14494->14506 14495 536b956 14495->14488 14499 536b9b5 14498->14499 14500 536b98d 14498->14500 14514 536b27c 14499->14514 14500->14495 14503 536b9d6 14503->14495 14504 536ba9e GlobalMemoryStatusEx 14505 536bace 14504->14505 14505->14495 14507 536b9b5 14506->14507 14508 536b98d 14506->14508 14509 536b27c GlobalMemoryStatusEx 14507->14509 14508->14495 14510 536b9d2 14509->14510 14511 536b9d6 14510->14511 14512 536ba9e GlobalMemoryStatusEx 14510->14512 14511->14495 14513 536bace 14512->14513 14513->14495 14515 536b283 GlobalMemoryStatusEx 14514->14515 14517 536b9d2 14515->14517 14517->14503 14517->14504

                  Executed Functions

                  Function 05364A68 Relevance: 6.7, Strings: 5, Instructions: 483COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 0 5364a68-5364aa6 1 5364acb-5364ae8 call 5363958 0->1 2 5364aa8-5364aaf 0->2 10 5364af3-5364b04 1->10 11 5364aea-5364af0 1->11 3 5365365-5365370 2->3 4 5364ab5-5364ac0 call 5360150 2->4 12 5365377-53653eb 3->12 4->1 14 5364bb2-5364bd5 10->14 15 5364b0a-5364b1a call 53639b8 10->15 11->10 63 53653f2-536545e 12->63 23 5364e22-5364e4f 14->23 24 5364bdb-5364be8 14->24 20 5364b77-5364b7a 15->20 21 5364b1c-5364b35 15->21 25 5364b7c-5364b83 20->25 26 5364b88-5364b9a 20->26 34 5365465-5365488 21->34 35 5364b3b-5364b40 21->35 31 5364f35-5364f5b call 5363a58 23->31 32 5364e55-5364e63 23->32 24->23 36 5364bee-5364bf4 24->36 25->23 26->34 37 5364ba0-5364bad 26->37 45 5364f60 31->45 32->31 48 5364e69-5364e76 32->48 51 5365491-536549f 34->51 52 536548a-536548f 34->52 35->23 38 5364b46-5364b72 35->38 41 5364bf6-5364bf8 36->41 42 5364bfa-5364c06 36->42 37->23 38->23 46 5364c08-5364c17 41->46 42->46 53 5365356-536535d 45->53 46->12 58 5364c1d-5364c21 46->58 64 5365360 48->64 65 5364e7c-5364e7f 48->65 66 53654f7-53654fc 51->66 67 53654a1-53654b1 51->67 56 5365503-5365505 52->56 62 5364c27-5364c2e 58->62 58->63 62->63 70 5364c34-5364c3b 62->70 63->34 64->3 65->64 71 5364e85-5364ea2 65->71 66->56 67->66 68 53654b3-53654c3 67->68 68->66 73 53654c5-53654d5 68->73 74 5364d30-5364d37 70->74 75 5364c41-5364c48 70->75 94 5364ea4-5364eaa 71->94 95 5364ee5-5364f0f 71->95 73->66 77 53654d7-53654e5 73->77 74->23 79 5364d3d-5364d61 74->79 75->34 80 5364c4e-5364c69 75->80 77->66 88 53654e7-53654ed 77->88 89 5364d63-5364d69 79->89 90 5364d9a-5364dae 79->90 91 5364c6f-5364c89 80->91 92 5364c6b-5364c6d 80->92 96 53654f1 88->96 97 53654ef 88->97 98 5364d6f-5364d7b 89->98 99 5364d6b-5364d6d 89->99 114 5364db2-5364dbe 90->114 115 5364db0 90->115 100 5364c8b-5364c99 91->100 92->100 94->34 101 5364eb0-5364eb6 94->101 95->53 130 5364f15-5364f21 95->130 107 53654f3-53654f5 96->107 97->107 109 5364d7d-5364d86 98->109 99->109 104 5364cbe-5364cee 100->104 105 5364c9b-5364caa 100->105 102 5364eb8-5364ebb 101->102 103 5364ec9-5364ed1 call 5360150 101->103 102->34 112 5364ec1-5364ec7 102->112 120 5364ed8-5364edb 103->120 105->104 129 5364cac-5364cbc 105->129 107->66 113 53654fe 107->113 109->90 128 5364d88-5364d98 109->128 112->120 113->56 124 5364dc0-5364dd2 114->124 115->124 120->64 127 5364ee1-5364ee3 120->127 135 5364e0c-5364e1f 124->135 127->94 127->95 128->90 140 5364dd4-5364e0a 128->140 129->104 141 5364cf1-5364d2d 129->141 130->31 142 5364f23 130->142 135->23 140->135 142->53
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: ,bbq$@b^q$]$$^q$;^q
                  • API String ID: 0-811305235
                  • Opcode ID: 42ebb64f70a92b88713e971750cd9706239ddd974e681bc4035c18a66aaf52c7
                  • Instruction ID: fa7eb758642e9419ec3cc693bbbcd0ced05727ff7100a03c86ced67df673b9bd
                  • Opcode Fuzzy Hash: 42ebb64f70a92b88713e971750cd9706239ddd974e681bc4035c18a66aaf52c7
                  • Instruction Fuzzy Hash: 82025D34B002188FDB15DF28D894BAE7BB6BF89701F1484A9E9099B395CF71DC81CB91
                  Function 0536E370 Relevance: 5.4, Strings: 4, Instructions: 438COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 487 536e370-536e3a6 612 536e3a8 call 536e370 487->612 613 536e3a8 call 536dd48 487->613 488 536e3ae-536e3b4 489 536e3b6-536e3ba 488->489 490 536e404-536e408 488->490 493 536e3bc-536e3c1 489->493 494 536e3c9-536e3d0 489->494 491 536e41f-536e433 490->491 492 536e40a-536e419 490->492 500 536e43b-536e442 491->500 497 536e445-536e44f 492->497 498 536e41b-536e41d 492->498 493->494 495 536e4a6-536e4e3 494->495 496 536e3d6-536e3dd 494->496 509 536e4e5-536e4eb 495->509 510 536e4ee-536e50e 495->510 496->490 499 536e3df-536e3e3 496->499 501 536e451-536e457 497->501 502 536e459-536e45d 497->502 498->500 503 536e3e5-536e3ea 499->503 504 536e3f2-536e3f9 499->504 506 536e465-536e49f 501->506 502->506 507 536e45f 502->507 503->504 504->495 508 536e3ff-536e402 504->508 506->495 507->506 508->500 509->510 515 536e515-536e51c 510->515 516 536e510 510->516 519 536e51e-536e529 515->519 518 536e8a4-536e8ad 516->518 520 536e8b5-536e8c7 519->520 521 536e52f-536e542 519->521 526 536e544-536e552 521->526 527 536e558-536e573 521->527 526->527 532 536e82c-536e833 526->532 530 536e597-536e59a 527->530 531 536e575-536e57b 527->531 536 536e6f4-536e6fa 530->536 537 536e5a0-536e5a3 530->537 533 536e584-536e587 531->533 534 536e57d 531->534 532->518 535 536e835-536e837 532->535 539 536e5ba-536e5c0 533->539 540 536e589-536e58c 533->540 534->533 534->536 538 536e7e6-536e7e9 534->538 534->539 541 536e846-536e84c 535->541 542 536e839-536e83e 535->542 536->538 543 536e700-536e705 536->543 537->536 544 536e5a9-536e5af 537->544 549 536e8b0 538->549 550 536e7ef-536e7f5 538->550 551 536e5c6-536e5c8 539->551 552 536e5c2-536e5c4 539->552 545 536e626-536e62c 540->545 546 536e592 540->546 541->520 547 536e84e-536e853 541->547 542->541 543->538 544->536 548 536e5b5 544->548 545->538 555 536e632-536e638 545->555 546->538 553 536e855-536e85a 547->553 554 536e898-536e89b 547->554 548->538 549->520 556 536e7f7-536e7ff 550->556 557 536e81a-536e81e 550->557 558 536e5d2-536e5db 551->558 552->558 553->549 561 536e85c 553->561 554->549 560 536e89d-536e8a2 554->560 562 536e63e-536e640 555->562 563 536e63a-536e63c 555->563 556->520 564 536e805-536e814 556->564 557->532 559 536e820-536e826 557->559 565 536e5ee-536e616 558->565 566 536e5dd-536e5e8 558->566 559->519 559->532 560->518 560->535 567 536e863-536e868 561->567 568 536e64a-536e661 562->568 563->568 564->527 564->557 586 536e61c-536e621 565->586 587 536e70a-536e740 call 536e999 565->587 566->538 566->565 571 536e88a-536e88c 567->571 572 536e86a-536e86c 567->572 579 536e663-536e67c 568->579 580 536e68c-536e6b3 568->580 571->549 575 536e88e-536e891 571->575 576 536e86e-536e873 572->576 577 536e87b-536e881 572->577 575->554 576->577 577->520 578 536e883-536e888 577->578 578->571 582 536e85e-536e861 578->582 579->587 590 536e682-536e687 579->590 580->549 592 536e6b9-536e6bc 580->592 582->549 582->567 586->587 593 536e742-536e746 587->593 594 536e74d-536e755 587->594 590->587 592->549 595 536e6c2-536e6eb 592->595 596 536e765-536e769 593->596 597 536e748-536e74b 593->597 594->549 598 536e75b-536e760 594->598 595->587 610 536e6ed-536e6f2 595->610 599 536e76b-536e771 596->599 600 536e788-536e78c 596->600 597->594 597->596 598->538 599->600 602 536e773-536e77b 599->602 603 536e796-536e7b2 600->603 604 536e78e-536e794 600->604 602->549 605 536e781-536e786 602->605 607 536e7bb-536e7bf 603->607 604->603 604->607 605->538 607->538 608 536e7c1-536e7dd 607->608 608->538 610->587 612->488 613->488
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: (o^q$(o^q$,bq$,bq
                  • API String ID: 0-879173519
                  • Opcode ID: 79e51a05a9161fd04d1ec10e0cb811bafdb832d3f50932f6ba129ac35777140e
                  • Instruction ID: baf60846e0a6f4257459c399f3a74cc5a5d5f95e58ebf8a96db2114248fb10c2
                  • Opcode Fuzzy Hash: 79e51a05a9161fd04d1ec10e0cb811bafdb832d3f50932f6ba129ac35777140e
                  • Instruction Fuzzy Hash: 2E027E38A00209DFDB15CFA8C984AAEBBBAFF48300F14C469E415EB265DB74DD49DB51
                  Function 091A27F8 Relevance: 4.6, Strings: 3, Instructions: 837COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 692 91a27f8-91a27f9 693 91a27fb-91a2813 692->693 694 91a2814 692->694 693->694 696 91a27be 694->696 697 91a2816-91a2834 694->697 696->692 700 91a283a-91a2840 697->700 979 91a2846 call 91a3518 700->979 980 91a2846 call 91a3528 700->980 701 91a284c-91a2855 702 91a285b-91a286f 701->702 703 91a3411-91a3436 701->703 706 91a28bc-91a28cd 702->706 707 91a2871-91a28a1 702->707 726 91a343b-91a3442 703->726 712 91a28cf-91a28e2 706->712 713 91a28e7-91a28f8 706->713 718 91a28a8 707->718 712->726 719 91a28fa-91a2922 713->719 720 91a2927-91a2938 713->720 981 91a28aa call 536c406 718->981 982 91a28aa call 536c410 718->982 719->726 727 91a293a-91a2946 720->727 728 91a294b-91a295c 720->728 723 91a28af-91a28b7 723->726 727->726 733 91a2999-91a29aa 728->733 734 91a295e-91a2964 728->734 739 91a29ac-91a29b2 733->739 740 91a29e3-91a29f4 733->740 734->703 736 91a296a-91a2970 734->736 736->703 738 91a2976-91a2994 736->738 738->726 739->703 741 91a29b8-91a29be 739->741 746 91a2a1f-91a2a30 740->746 747 91a29f6-91a29fc 740->747 741->703 743 91a29c4-91a29de 741->743 743->726 754 91a2aea-91a2afb 746->754 755 91a2a36-91a2a85 746->755 747->703 749 91a2a02-91a2a1a 747->749 749->726 760 91a2b19-91a2b2a 754->760 761 91a2afd-91a2b03 754->761 755->703 780 91a2a8b-91a2ab7 call 91a2644 755->780 767 91a2b4b-91a2b5c 760->767 768 91a2b2c-91a2b32 760->768 761->703 763 91a2b09-91a2b14 761->763 763->726 774 91a2b5e-91a2b70 767->774 775 91a2b75-91a2b86 767->775 768->703 771 91a2b38-91a2b46 768->771 771->726 774->726 781 91a2b88-91a2b9a 775->781 782 91a2b9f-91a2bb0 775->782 780->703 801 91a2abd-91a2ae5 call 91a2654 780->801 781->726 786 91a2bc9-91a2bda 782->786 787 91a2bb2-91a2bc4 782->787 791 91a2bfc-91a2c0d 786->791 792 91a2bdc-91a2be2 786->792 787->726 799 91a2c9a-91a2cab 791->799 800 91a2c13-91a2c7f 791->800 792->703 794 91a2be8-91a2bf7 792->794 794->726 806 91a2cad-91a2cba 799->806 807 91a2cd5-91a2ce6 799->807 800->703 834 91a2c85-91a2c95 800->834 801->726 806->726 814 91a2cec-91a2d58 807->814 815 91a2d73-91a2d84 807->815 814->703 850 91a2d5e-91a2d6e 814->850 822 91a2dae-91a2dbf 815->822 823 91a2d86-91a2d93 815->823 828 91a2dc1-91a2de1 822->828 829 91a2de6-91a2df7 822->829 823->726 828->726 835 91a2dfd-91a2ead 829->835 836 91a2eb2-91a2ec3 829->836 834->726 835->726 844 91a2ec9-91a2ecf 836->844 845 91a2ffc-91a300d 836->845 847 91a2f64-91a2ff7 844->847 848 91a2ed5-91a2edb 844->848 855 91a301f-91a3030 845->855 856 91a300f-91a301a 845->856 847->726 848->847 851 91a2ee1-91a2f5f 848->851 850->726 851->726 863 91a309d-91a30ae 855->863 864 91a3032-91a3046 855->864 856->726 874 91a30f2-91a3103 863->874 875 91a30b0-91a30b6 863->875 864->703 873 91a304c-91a3057 864->873 885 91a3059-91a3077 873->885 886 91a307c-91a3098 873->886 883 91a3142-91a3153 874->883 884 91a3105-91a313d 874->884 875->703 877 91a30bc-91a30cc 875->877 877->703 890 91a30d2-91a30ed 877->890 897 91a3166-91a3177 883->897 898 91a3155-91a3161 883->898 884->726 885->726 886->726 890->726 897->726 911 91a317d-91a3184 897->911 898->726 916 91a31aa-91a33e9 call 91a2664 call 91a2674 call 91a2684 call 91a2694 call 91a26a4 call 91a2674 call 91a2684 call 91a26b4 call 91a26c4 911->916 917 91a3186-91a3197 call 91a1b6c 911->917 916->726 917->916 979->701 980->701 981->723 982->723
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: -3$ -3$Te^q
                  • API String ID: 0-3587138022
                  • Opcode ID: b9b6a6f522c15eea79c3f4dc70144ed62b5affd6217b38a3f32ed7e7b35718f8
                  • Instruction ID: 4dcbd5df02b0be3f623eb15b4b065499e6e3483dedea41fa8851098a5ba3bd78
                  • Opcode Fuzzy Hash: b9b6a6f522c15eea79c3f4dc70144ed62b5affd6217b38a3f32ed7e7b35718f8
                  • Instruction Fuzzy Hash: 7152A434B103108FDB0AEB74D859B2E77A7AF88704F15891CE9169B3A4DF36DC428B91
                  Function 0536441F Relevance: 4.4, Strings: 3, Instructions: 618COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: Hbq$Hbq$]
                  • API String ID: 0-65184884
                  • Opcode ID: 828b099d202c30f0d60921188d43be58fd822bcb2b53906eab8fdb1f54d0b1c7
                  • Instruction ID: dad78b08e09e8d2941a2f45a247fc453186080f1dcc5099d40867f18b8d184b0
                  • Opcode Fuzzy Hash: 828b099d202c30f0d60921188d43be58fd822bcb2b53906eab8fdb1f54d0b1c7
                  • Instruction Fuzzy Hash: 3522AD30B002189FDF15DF68D894BAE7BA7BF88700F148469E506AB394CE75CD41CBA6
                  Function 05361030 Relevance: 4.2, Strings: 3, Instructions: 491COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 1288 5361030-5361053 1289 5361658-5361752 1288->1289 1290 5361059-5361182 1288->1290 1337 5361184 1290->1337 1338 536118b-53611e4 call 5360290 call 53602a0 1290->1338 1337->1338 1348 53611e6-53611ee 1338->1348 1349 53611f5-5361204 1338->1349 1348->1349 1352 5361226-5361289 1349->1352 1353 5361206-5361220 call 5360290 1349->1353 1446 5361289 call 5362260 1352->1446 1447 5361289 call 5362250 1352->1447 1448 5361289 call 53622cc 1352->1448 1353->1352 1364 536128f-5361299 1366 536129f-5361319 1364->1366 1367 536131b-536138d 1364->1367 1384 5361395-536142f call 536081c 1366->1384 1367->1384 1397 5361435-5361459 call 53629aa 1384->1397 1398 53615aa-53615bd 1384->1398 1401 53614a7-53614d0 1397->1401 1402 536145b-5361462 1397->1402 1408 53615c2-536163f 1398->1408 1414 53614e7-53614fa 1401->1414 1415 53614d2-53614e5 1401->1415 1402->1398 1404 5361468-5361480 1402->1404 1413 5361488-536148a 1404->1413 1444 5361646-5361657 1408->1444 1416 53614a2-53614a5 1413->1416 1417 536148c-5361492 1413->1417 1419 5361502-536152e 1414->1419 1452 53614fc call 536441f 1414->1452 1453 53614fc call 536446f 1414->1453 1415->1419 1416->1401 1421 5361496-5361498 1417->1421 1422 5361494 1417->1422 1429 5361545-5361558 1419->1429 1430 5361530-5361543 1419->1430 1421->1416 1422->1416 1432 5361560-536157d 1429->1432 1430->1432 1450 536157f call 5365518 1432->1450 1451 536157f call 5365508 1432->1451 1437 5361585-53615a8 call 53602b0 1437->1408 1446->1364 1447->1364 1448->1364 1450->1437 1451->1437 1452->1419 1453->1419
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: $^q$$^q$$^q
                  • API String ID: 0-831282457
                  • Opcode ID: 7a4e28013a3bdcbe65cb4171953e8341e6b6e15f61aa4eddb8f519e2cc3f7641
                  • Instruction ID: d60781e41f62ead0d99f22376e7eae358e6a9b7f508bcbee56bee62adae8dcaf
                  • Opcode Fuzzy Hash: 7a4e28013a3bdcbe65cb4171953e8341e6b6e15f61aa4eddb8f519e2cc3f7641
                  • Instruction Fuzzy Hash: 8302C6307202049FEB099B74D959B6E7BA7FF88700F108528E506DB3A8DF769C468B91
                  Function 0536DD48 Relevance: 3.0, Strings: 2, Instructions: 511COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: (o^q$Hbq
                  • API String ID: 0-662517225
                  • Opcode ID: d87c7ffa60eaabaf8764722a217e41fb05cbfd6d14fd86de9a4bb2167511764d
                  • Instruction ID: 69413f59018a8ba26dfd97a09abaaff00dd3c6df4f8ba3f29f806d49f76bab66
                  • Opcode Fuzzy Hash: d87c7ffa60eaabaf8764722a217e41fb05cbfd6d14fd86de9a4bb2167511764d
                  • Instruction Fuzzy Hash: 5012AC74B002198FDB15DFA9C854AAEBBFABF88300F14C569E405EB394DF349946CB91
                  Function 0536BD70 Relevance: 2.8, Strings: 2, Instructions: 332COMMON
                  Download Yara Rule

                  Control-flow Graph

                  • Executed
                  • Not Executed
                  control_flow_graph 1983 536bd70-536bd7f 1984 536bd81-536bd83 1983->1984 1985 536bd88-536bd98 1983->1985 1986 536c161-536c168 1984->1986 1988 536bd9e-536bdac 1985->1988 1989 536c169-536c1de 1985->1989 1988->1989 1992 536bdb2 1988->1992 1992->1989 1993 536c116-536c126 1992->1993 1994 536be15-536be25 1992->1994 1995 536bef3-536bf03 1992->1995 1996 536c031-536c041 1992->1996 1997 536be5f-536be6f 1992->1997 1998 536bfdf-536bfef 1992->1998 1999 536bf3d-536bf4d 1992->1999 2000 536bdb9-536bdc9 1992->2000 2001 536c0d9-536c0e9 1992->2001 2002 536bf80-536bf90 1992->2002 2003 536c14d-536c159 1992->2003 2004 536bea9-536beb9 1992->2004 2005 536c089-536c08f 1992->2005 2013 536c141-536c14b 1993->2013 2014 536c128-536c12e 1993->2014 2021 536be27-536be2d 1994->2021 2022 536be4a-536be5a 1994->2022 2015 536bf05-536bf0b 1995->2015 2016 536bf28-536bf38 1995->2016 2017 536c043-536c049 1996->2017 2018 536c06d-536c084 1996->2018 2027 536be94-536bea4 1997->2027 2028 536be71-536be77 1997->2028 2007 536c013-536c02c 1998->2007 2008 536bff1-536bff7 1998->2008 2023 536bf4f-536bf55 1999->2023 2024 536bf6b-536bf7b 1999->2024 2019 536bdf6-536be10 2000->2019 2020 536bdcb-536bdd1 2000->2020 2009 536c104-536c114 2001->2009 2010 536c0eb-536c0f1 2001->2010 2029 536bf92-536bf98 2002->2029 2030 536bfbf-536bfda 2002->2030 2003->1986 2011 536bede-536beee 2004->2011 2012 536bebb-536bec1 2004->2012 2025 536c093 2005->2025 2026 536c091 2005->2026 2007->1986 2032 536c005-536c00e 2008->2032 2033 536bff9-536bffb 2008->2033 2009->1986 2043 536c0f3-536c0f5 2010->2043 2044 536c0ff-536c102 2010->2044 2011->1986 2045 536bec3-536bec5 2012->2045 2046 536becf-536bed9 2012->2046 2013->1986 2047 536c130-536c132 2014->2047 2048 536c13c-536c13f 2014->2048 2049 536bf0d-536bf0f 2015->2049 2050 536bf19-536bf23 2015->2050 2016->1986 2034 536c057-536c068 2017->2034 2035 536c04b-536c04d 2017->2035 2018->1986 2019->1986 2036 536bdd3-536bdd5 2020->2036 2037 536bddf-536bdf1 2020->2037 2038 536be2f-536be31 2021->2038 2039 536be3b-536be45 2021->2039 2022->1986 2051 536bf57-536bf59 2023->2051 2052 536bf63-536bf66 2023->2052 2024->1986 2040 536c095-536c097 2025->2040 2026->2040 2027->1986 2041 536be85-536be8f 2028->2041 2042 536be79-536be7b 2028->2042 2054 536bfa6-536bfba 2029->2054 2055 536bf9a-536bf9c 2029->2055 2030->1986 2032->1986 2033->2032 2034->1986 2035->2034 2036->2037 2037->1986 2038->2039 2039->1986 2061 536c0a8-536c0d4 2040->2061 2062 536c099-536c0a3 2040->2062 2041->1986 2042->2041 2043->2044 2044->1986 2045->2046 2046->1986 2047->2048 2048->1986 2049->2050 2050->1986 2051->2052 2052->1986 2054->1986 2055->2054 2061->1986 2062->1986
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: LR^q$Xbq
                  • API String ID: 0-1504435008
                  • Opcode ID: 44fe0d87ed9e3c65cce3e8f09d292bcfc1fbff642d0608645f6b474945d7848d
                  • Instruction ID: ed4ed04c3e550eb80d05130e6189fcc04c1d0d8bcc7d07c209c786ef668d9af4
                  • Opcode Fuzzy Hash: 44fe0d87ed9e3c65cce3e8f09d292bcfc1fbff642d0608645f6b474945d7848d
                  • Instruction Fuzzy Hash: B3C16770F0421DCBDF185F6694582AEBEB6BF88B00F28985DD482EA648DF34CC558F65
                  Function 053698E0 Relevance: 1.5, Strings: 1, Instructions: 281COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: \Vam
                  • API String ID: 0-2269870599
                  • Opcode ID: bef7e20ae6e7489ff4535855acfeb27a23b84ea9338d242f3262b2fd6b72c627
                  • Instruction ID: 30d740aca2c21de8658f1486622fa631853b925c78b9ef3f5f06d5f009b63f89
                  • Opcode Fuzzy Hash: bef7e20ae6e7489ff4535855acfeb27a23b84ea9338d242f3262b2fd6b72c627
                  • Instruction Fuzzy Hash: D1B15C71E04209CFDB14CFA9C9957AEBBF2BF88354F14C12DD419A7298EBB49845CB81
                  Function 0536A1B0 Relevance: .3, Instructions: 266COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: f10a08709c86e8deba74102cee0128f5c189693600cffb3d3e8f0a21cdf02896
                  • Instruction ID: 494dd944b6a66e4048dd78a60d517c1fc1ec2450bf9e073f33d20542afea1c48
                  • Opcode Fuzzy Hash: f10a08709c86e8deba74102cee0128f5c189693600cffb3d3e8f0a21cdf02896
                  • Instruction Fuzzy Hash: 82B13A70E04209CFDB10CFA9D8957ADBBF2BF88314F24C52DD419A7298EB759895CB81
                  Function 091A0AA8 Relevance: 2.6, Strings: 2, Instructions: 106COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: $^q$$^q
                  • API String ID: 0-355816377
                  • Opcode ID: 4a01732defc3a06ad517abe187053d1acbe96dd15c5c5ce1020b08dc7fcc146d
                  • Instruction ID: a943cb9af94899a4b6851ce09dd1fad655da83fdd8224e5e90e3fe645848fcee
                  • Opcode Fuzzy Hash: 4a01732defc3a06ad517abe187053d1acbe96dd15c5c5ce1020b08dc7fcc146d
                  • Instruction Fuzzy Hash: 3331C6787042158FCB198F39C99563E7B65EB8A74DB19086AE052CB291EF24DCC1C752
                  Function 0536B980 Relevance: 1.6, APIs: 1, Instructions: 136COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: c13dab9d573ee4da3f892029dda3a102ddef5ade1b7c47ba9c5124af120bea16
                  • Instruction ID: ff715934e05506673ebad67b54a1c55e758293b1b703682250af6fcd65a0929c
                  • Opcode Fuzzy Hash: c13dab9d573ee4da3f892029dda3a102ddef5ade1b7c47ba9c5124af120bea16
                  • Instruction Fuzzy Hash: DC41E072E047598FCB04CFB9D8542EEFBF1EF8A220F14866AD408E7251DB749845CBA1
                  Function 0536B2EA Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                  Download Yara Rule
                  APIs
                  • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0536B9D2), ref: 0536BABF
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID: GlobalMemoryStatus
                  • String ID:
                  • API String ID: 1890195054-0
                  • Opcode ID: 4c10d020a4050d20ce6ff34c4448d6ee65038714d84c6cc3e5f77673b12780e0
                  • Instruction ID: 791a709f42f80637b067b10965f0f3d8f3b69f23c36aca72fad718497d08af89
                  • Opcode Fuzzy Hash: 4c10d020a4050d20ce6ff34c4448d6ee65038714d84c6cc3e5f77673b12780e0
                  • Instruction Fuzzy Hash: 222135B6C0465ADFCB10CFAAC44469EFBF4FB08320F15816AD858A7245D378A944CFA1
                  Function 0536B27C Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                  Download Yara Rule
                  APIs
                  • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0536B9D2), ref: 0536BABF
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID: GlobalMemoryStatus
                  • String ID:
                  • API String ID: 1890195054-0
                  • Opcode ID: a043e88b8056c352f364cf489f3a81a38d06bac576a065a4962dfcf5cd67c243
                  • Instruction ID: 6777469f76be304851c48d4c5c93ff837e966333f5d101e8e7f0c3e6e7b7fd5b
                  • Opcode Fuzzy Hash: a043e88b8056c352f364cf489f3a81a38d06bac576a065a4962dfcf5cd67c243
                  • Instruction Fuzzy Hash: F51103B5C046599BCB10CF9AC548B9EFBF4EB48320F14816AE918A7250D378A944CFA5
                  Function 0536BA50 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                  Download Yara Rule
                  APIs
                  • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,0536B9D2), ref: 0536BABF
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID: GlobalMemoryStatus
                  • String ID:
                  • API String ID: 1890195054-0
                  • Opcode ID: e80ada7ce9ac4992e597a3749bb1d86bc583d16d7bdadc71666260d28ce5c06b
                  • Instruction ID: 20fe876a6513414dd00e96101ac925f1a19242edee460958c96f1bf863698c7f
                  • Opcode Fuzzy Hash: e80ada7ce9ac4992e597a3749bb1d86bc583d16d7bdadc71666260d28ce5c06b
                  • Instruction Fuzzy Hash: B31144B6C006599FCB10CFAAC4447DEFBB0FF09320F14826AD818A7200D778A941CFA5
                  Function 091A1018 Relevance: 1.4, Strings: 1, Instructions: 126COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: (o^q
                  • API String ID: 0-74704288
                  • Opcode ID: 740728961f48224a2c309720f6bf1f4d0b87e3fcc63e34c33e196d67c64a1829
                  • Instruction ID: 6f71756f76be9c5ab11a66ec1a272bc6ff82985b1bcc457bb6e450049422f402
                  • Opcode Fuzzy Hash: 740728961f48224a2c309720f6bf1f4d0b87e3fcc63e34c33e196d67c64a1829
                  • Instruction Fuzzy Hash: CA41DD35B042049FCB099F79D998AAE7BB6BFC8750F148469E906DB391CF349C02CB95
                  Function 091A0EF1 Relevance: .1, Instructions: 108COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 12b6b24bf5ba2f55b00c80dda043980688b28df12641db1e9d70a69c83bbac08
                  • Instruction ID: 360762328f70f3eacc1526e49f8dfb482942a9f6fcfe14bf9ceb4bbb0ec835d2
                  • Opcode Fuzzy Hash: 12b6b24bf5ba2f55b00c80dda043980688b28df12641db1e9d70a69c83bbac08
                  • Instruction Fuzzy Hash: AE312439B042009FDB248E68D995BAE7BB2EF8D314F14842AF516E7390CB35DC02C791
                  Function 091A3528 Relevance: .1, Instructions: 61COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 7478541fbce2fb7647b639b4413c4fa5fa439cf523eed64682233a51de4b65ec
                  • Instruction ID: cc84beb4efc08f8ba182946426408ece4c29b95cee100c0ad5a23d32cabb8cc2
                  • Opcode Fuzzy Hash: 7478541fbce2fb7647b639b4413c4fa5fa439cf523eed64682233a51de4b65ec
                  • Instruction Fuzzy Hash: 4611A334F002049BDB589E7D9C147BF76A6AF84754F048929E926D7380EB30CD0287D0
                  Function 091A1774 Relevance: .0, Instructions: 26COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: d05b3a4fdc7374350bfe81b890215ab42138dcc37d813ca6c3c5cb07e9342c27
                  • Instruction ID: fb65be8ec75bcae415c59bbcc866c5a72f94c2ff90ae1b6856e46e103f8f1f9d
                  • Opcode Fuzzy Hash: d05b3a4fdc7374350bfe81b890215ab42138dcc37d813ca6c3c5cb07e9342c27
                  • Instruction Fuzzy Hash: 79F020A5D4C3C0AEC7228BB888050627FB0D912265B8942CED0E68B462E6288803C742
                  Function 091A10C5 Relevance: .0, Instructions: 16COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 731f91eb8ad10c8137ee2f78ec06d23557ddce1544244328009feac200ffc0b7
                  • Instruction ID: 11d51f1814c60284662e4a7061a857d80db5773b12feeff110716f9be3d958b0
                  • Opcode Fuzzy Hash: 731f91eb8ad10c8137ee2f78ec06d23557ddce1544244328009feac200ffc0b7
                  • Instruction Fuzzy Hash: 6ED0673AB40118DFCB149F99E8408DDFBB6FB98261B148116F915A3261CA319921DB94
                  Function 091A1731 Relevance: .0, Instructions: 16COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 3de685c293b783765e86c0ed55653696598b95e96abee5a2a6e0fa8603c011a6
                  • Instruction ID: 2d78841b5878bcf4f0b6d270cc2b2be120b3d8b3216cf1a8b2996a2646c73d21
                  • Opcode Fuzzy Hash: 3de685c293b783765e86c0ed55653696598b95e96abee5a2a6e0fa8603c011a6
                  • Instruction Fuzzy Hash: 6CE0C270C587C09ECB61CBBCC14509ABFF09A02235B4446DDD4FA8B946EB395453CB82
                  Function 091A1740 Relevance: .0, Instructions: 13COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: ba35340d5b078c81a1a769acb286d3038266048e5ef27fd427b3e5144d963488
                  • Instruction ID: 7fe67badffb58c1c6cf6af93d80a36f0288fc318657e38074e18a57f0487eeec
                  • Opcode Fuzzy Hash: ba35340d5b078c81a1a769acb286d3038266048e5ef27fd427b3e5144d963488
                  • Instruction Fuzzy Hash: 31D0C9B4D1430C9F8B80EFF8950516EBFF4BB04200F0145AAD819E3201FB348A118F92
                  Function 091A1709 Relevance: .0, Instructions: 11COMMON
                  Download Yara Rule
                  Memory Dump Source
                  • Source File: 00000000.00000002.3037710453.00000000091A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 091A0000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_91a0000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID:
                  • API String ID:
                  • Opcode ID: 02059b91e1e5d64bd451a4d36528f0ba7127d571fd579f7e8c022d7736c256b4
                  • Instruction ID: 2d8b220ace26d9ea7e265df94782ffdde2f7939053b1e1df8633cea16c3b3501
                  • Opcode Fuzzy Hash: 02059b91e1e5d64bd451a4d36528f0ba7127d571fd579f7e8c022d7736c256b4
                  • Instruction Fuzzy Hash: F4D0C92094D7D05FCB03AB788A281483FF19E4321530948DFD1D29B1B7D5389946D71A

                  Non-executed Functions

                  Function 05361768 Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: Xbq$$^q
                  • API String ID: 0-1593437937
                  • Opcode ID: e22b714c1f1611a4dea893ae6782b50e15931e670075484ac4b89169f51442dd
                  • Instruction ID: 203b17fde1b67ade6eae5a361bc05b21ea19ae1b56c8a8b69d1b56009197d52c
                  • Opcode Fuzzy Hash: e22b714c1f1611a4dea893ae6782b50e15931e670075484ac4b89169f51442dd
                  • Instruction Fuzzy Hash: 1F816474B103189BDB58DB79985967E7FB7BFC8710B14C52DE406E7288DE348802CB96
                  Function 05369598 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                  Download Yara Rule
                  Strings
                  Memory Dump Source
                  • Source File: 00000000.00000002.3035648531.0000000005360000.00000040.00000800.00020000.00000000.sdmp, Offset: 05360000, based on PE: false
                  Joe Sandbox IDA Plugin
                  • Snapshot File: hcaresult_0_2_5360000_file.jbxd
                  Similarity
                  • API ID:
                  • String ID: \Vam
                  • API String ID: 0-2269870599
                  • Opcode ID: c042b5f9a3dc242cfc364864cb74326602eb708a413fdab7682265a54177a935
                  • Instruction ID: 42db95ad18b38cd8837b1e5a2d52956618f631de6a5868e6ca4d5ac445d23648
                  • Opcode Fuzzy Hash: c042b5f9a3dc242cfc364864cb74326602eb708a413fdab7682265a54177a935
                  • Instruction Fuzzy Hash: A5913871E042099FDF14CFA9C9957ADBBF2BF88314F14C12DE409AB258EB749846CB91