Edit tour

Windows Analysis Report
MiGFg375KJ.exe

Overview

General Information

Sample name:	MiGFg375KJ.exe renamed because original name is a hash value
Original sample name:	7bd6448fe487d0b8998f8da1ea906eb43a26240e8fb47f1f56fb16d5447ec333.exe
Analysis ID:	1577164
MD5:	24c587128fec0ff6d2b02d8722c0c8c1
SHA1:	25bf1ef6182dd53388b2332bafadc592c9983e0f
SHA256:	7bd6448fe487d0b8998f8da1ea906eb43a26240e8fb47f1f56fb16d5447ec333
Tags:	92-255-57-155exeuser-JAMESWT_MHT
Infos:

Detection

XWorm

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected XWorm

.NET source code contains potential unpacker

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

MiGFg375KJ.exe (PID: 7292 cmdline: "C:\Users\user\Desktop\MiGFg375KJ.exe" MD5: 24C587128FEC0FF6D2B02D8722C0C8C1)

WerFault.exe (PID: 6300 cmdline: C:\Windows\system32\WerFault.exe -u -p 7292 -s 1976 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XWorm	Malware with wide range of capabilities ranging from RAT to ransomware.	No Attribution	https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/ https://any.run/cybersecurity-blog/xworm-technical-analysis-of-a-new-malware-version/ https://blog.cyble.com/2022/08/19/evilcoder-project-selling-multiple-dangerous-tools-online/ https://cert.pl/en/posts/2023/10/deworming-the-xworm/ https://embee-research.ghost.io/infrastructure-analysis-with-dns-pivoting/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x6978:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0xc78c:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x69cc:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0xc844:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x6a5c:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0xc974:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x6814:$cnc4: POST / HTTP/1.1
Process Memory Space: MiGFg375KJ.exe PID: 7292	JoeSecurity_XWorm	Yara detected XWorm	Joe Security
Process Memory Space: MiGFg375KJ.exe PID: 7292	MALWARE_Win_AsyncRAT	Detects AsyncRAT	ditekSHen	0x83724:$s8: Win32_ComputerSystem 0x837c0:$s8: Win32_ComputerSystem 0x6f1c4:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 0x6f280:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 0x6f30a:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 0x6f092:$cnc4: POST / HTTP/1.1

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T08:15:25.148514+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:28.448509+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:36.280440+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:47.420925+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:58.442913+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:58.633619+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:09.701604+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:14.967533+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.158142+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.379708+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.490008+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.579230+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.750336+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:16.720222+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:16.911153+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:17.102121+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:17.172114+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:18.214710+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:18.451633+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.058825+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.249605+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.369426+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.991847+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:20.664056+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:20.814055+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.108710+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.295000+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.419355+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.528276+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.719231+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:22.063592+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:22.833306+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:23.024279+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:23.215199+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:23.662075+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:24.061134+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:24.984240+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.175082+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.374187+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.564935+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.842394+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:26.137839+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:26.329096+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:27.293948+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:27.686336+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.077832+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.558844+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.748999+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.940151+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.059904+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.172329+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.251124+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.371728+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.491370+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.703682+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.008897+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.305233+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.439464+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.617946+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.752448+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.133882+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.324792+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.560797+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.635446+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.751111+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.926772+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.061828+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.118040+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.252794+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.525544+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.821707+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.012701+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.203551+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.326631+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.631071+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.928838+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:35.139997+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:35.330812+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:35.642453+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:36.451634+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:36.686669+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.309764+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.489150+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.608986+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.799843+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:38.184566+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:38.406061+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:38.971381+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.157684+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.348580+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.440046+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:40.762931+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:40.876252+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:41.187239+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:41.497996+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.023369+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.181906+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.401016+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.068538+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.259428+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.553363+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.817867+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.972725+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:44.308410+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:44.901669+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:45.092770+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:45.511195+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:45.808070+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:46.420599+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:46.578744+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:46.732302+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.022334+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.203870+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.395412+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.992683+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:48.222124+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:48.948369+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.184141+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.259793+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.565924+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.699261+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.823696+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.938957+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:50.058686+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:50.465983+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.105787+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.296091+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.487197+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.840102+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.020671+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.140379+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.211544+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.663927+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.137772+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.151324+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.520465+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:54.389045+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:54.612159+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:54.803040+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.220927+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.403195+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.522925+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.859063+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:56.307887+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:56.428679+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:57.654820+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:57.814026+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:58.099911+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:58.870098+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.104065+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.180770+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.414685+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.730422+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.218003+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.453713+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.529006+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.688053+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.719492+0100	2852870	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP

ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T08:15:25.276171+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:36.282341+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:47.423943+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:58.635898+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:09.704808+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.438957+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.558777+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.660367+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.780113+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.973291+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:16.093047+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:16.861498+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:17.104412+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:17.265499+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:17.561297+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:18.219524+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:18.457419+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.297999+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.489026+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.560556+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.940519+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:20.061860+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:20.742563+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:20.862339+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.122700+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.633275+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.752912+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.913088+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:22.193448+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:22.889463+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:23.026630+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:23.311295+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:23.665706+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:24.076634+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:24.988136+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:25.227602+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:25.517890+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:25.844786+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:26.146865+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:26.331979+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:27.732238+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:28.109502+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:28.270761+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:28.990280+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.180741+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.273442+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.393027+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.512806+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.705168+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.044076+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.306832+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.441802+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.901440+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.140787+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.375740+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.913421+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.118221+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.193579+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.532468+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.892923+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.014299+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.297324+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.729584+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.945749+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.141194+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.331996+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.452540+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.614021+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.733643+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:36.466000+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:36.698614+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:37.585903+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:37.873980+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:38.233251+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:38.411345+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:39.368712+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:39.488313+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:39.808701+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:40.804865+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:41.207051+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:42.182103+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:42.354035+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:42.477902+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:43.661961+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:43.877520+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:43.997886+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:44.908348+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:45.147915+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:45.535560+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:45.808852+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:46.421509+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:47.723304+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:48.108141+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:48.233311+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:48.949115+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.201032+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.628243+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.748137+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.867858+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.987611+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:50.153467+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:50.472190+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:51.993287+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:52.113952+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:52.277390+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:53.536781+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:53.730525+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:54.421955+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:54.613113+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:55.493071+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:55.905195+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:56.315567+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:56.440255+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:57.789408+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:57.909394+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:58.193959+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.183609+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.419906+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.626478+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.734510+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.749956+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:17:01.262613+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:17:06.936729+0100	2852923	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP

ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T08:15:28.448509+0100	2858801	1	Malware Command and Control Activity Detected	92.255.57.155	4411	192.168.2.5	49718	TCP

ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T08:16:27.686454+0100	2858799	1	Malware Command and Control Activity Detected	192.168.2.5	49718	92.255.57.155	4411	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: MiGFg375KJ.exe

Avira: detected

Found malware configuration

Source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Xworm {"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}

Multi AV Scanner detection for submitted file

Source: MiGFg375KJ.exe	Virustotal: Detection: 56%			Perma Link
Source: MiGFg375KJ.exe	ReversingLabs: Detection: 63%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: MiGFg375KJ.exe

Joe Sandbox ML: detected

Source: MiGFg375KJ.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: MiGFg375KJ.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb@ source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.pdbY source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb`- source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: symbols\dll\mscorlib.pdbpdb` source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbl source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb0T source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb#v2 source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb) source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA98000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbMZ source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: 0C:\Windows\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb@ source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: .pdbZ source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb)v( source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA98000.00000004.00000020.00020000.00000000.sdmp, WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.pdbp source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Management.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: mscorlib.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Management.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.pdb03y source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: indoC:\Windows\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2858800 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:49718 -> 92.255.57.155:4411
Source: Network traffic	Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 92.255.57.155:4411 -> 192.168.2.5:49718
Source: Network traffic	Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.5:49718 -> 92.255.57.155:4411
Source: Network traffic	Suricata IDS: 2858801 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound : 92.255.57.155:4411 -> 192.168.2.5:49718
Source: Network traffic	Suricata IDS: 2858799 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.5:49718 -> 92.255.57.155:4411

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 92.255.57.155

Source: global traffic

TCP traffic: 192.168.2.5:49718 -> 92.255.57.155:4411

Source: Joe Sandbox View

ASN Name: TELSPRU TELSPRU

Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155
Source: unknown	TCP traffic detected without corresponding DNS query: 92.255.57.155

Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects AsyncRAT Author: ditekSHen
Source: Process Memory Space: MiGFg375KJ.exe PID: 7292, type: MEMORYSTR	Matched rule: Detects AsyncRAT Author: ditekSHen

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF8489142B6	0_2_00007FF8489142B6
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF84890EA26	0_2_00007FF84890EA26
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848900EE0	0_2_00007FF848900EE0
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF84890F7D2	0_2_00007FF84890F7D2
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF8489004C7	0_2_00007FF8489004C7
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF8489005C1	0_2_00007FF8489005C1
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848904797	0_2_00007FF848904797
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF8489010A8	0_2_00007FF8489010A8
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF84890201C	0_2_00007FF84890201C
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848910847	0_2_00007FF848910847

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7292 -s 1976

Source: MiGFg375KJ.exe, 00000000.00000000.2165721313.0000000000542000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameXClient.exe4 vs MiGFg375KJ.exe
Source: MiGFg375KJ.exe	Binary or memory string: OriginalFilenameXClient.exe4 vs MiGFg375KJ.exe

Source: MiGFg375KJ.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
Source: Process Memory Space: MiGFg375KJ.exe PID: 7292, type: MEMORYSTR	Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT

Source: MiGFg375KJ.exe, -----------------------------------------.cs	Cryptographic APIs: 'CreateDecryptor'
Source: MiGFg375KJ.exe, -----------------------------------------.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: MiGFg375KJ.exe, -----------------------------------------.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: MiGFg375KJ.exe, -----------------------------------------.cs	Cryptographic APIs: 'CreateDecryptor'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@2/5@0/1

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Mutant created: \Sessions\1\BaseNamedObjects\o8kSNczORMveFDjV
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7292

Source: C:\Windows\System32\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\4284e7ff-f4b8-4f43-9d4a-683d6ea10fae

Jump to behavior

Source: MiGFg375KJ.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: MiGFg375KJ.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: MiGFg375KJ.exe	Virustotal: Detection: 56%
Source: MiGFg375KJ.exe	ReversingLabs: Detection: 63%

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

File read: C:\Users\user\Desktop\MiGFg375KJ.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\MiGFg375KJ.exe "C:\Users\user\Desktop\MiGFg375KJ.exe"
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7292 -s 1976

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Section loaded: winmm.dll	Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: MiGFg375KJ.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: MiGFg375KJ.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: Microsoft.VisualBasic.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\mscorlib.pdbpdblib.pdb@ source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.pdbY source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb`- source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: mscorlib.ni.pdbRSDS7^3l source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Configuration.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: symbols\dll\mscorlib.pdbpdb` source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\mscorlib.pdbl source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009D3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb0T source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb#v2 source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb) source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA98000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdbMZ source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: 0C:\Windows\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: Microsoft.VisualBasic.pdb@ source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.ni.pdbRSDS# source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: Microsoft.VisualBasic.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.Windows.Forms.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: .pdbZ source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb)v( source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA98000.00000004.00000020.00020000.00000000.sdmp, WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Management.ni.pdbRSDSJ< source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Windows.Forms.pdbp source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Management.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Drawing.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: mscorlib.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Management.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Xml.pdb03y source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: \??\C:\Windows\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA42000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.Configuration.ni.pdbRSDScUN source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: indoC:\Windows\mscorlib.pdb source: MiGFg375KJ.exe, 00000000.00000002.3345880759.000000001B618000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: System.ni.pdb source: WER2AFB.tmp.dmp.6.dr
Source:	Binary string: System.Core.ni.pdbRSDS source: WER2AFB.tmp.dmp.6.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: MiGFg375KJ.exe, -----------------------------------------.cs	.Net Code: _202B_200C_206B_202B_200F_202E_206A_206B_206F_206A_206F_206D_206B_206B_202B_202E_200B_200D_206C_202C_200E_200C_206B_202B_200C_200E_202E_200B_202A_200D_200C_206E_200B_206E_206E_202A_200B_206D_202A_202C_202E System.AppDomain.Load(byte[])
Source: MiGFg375KJ.exe, -Module-.cs	.Net Code: _202B_202D_200B_200C_202A_206F_206C_206C_200E_200E_202C_206B_200B_200E_202B_202B_200B_206B_200E_206D_206C_202B_200C_206F_206C_202A_200F_206F_206F_202D_206C_206A_206B_206E_202A_200C_202E_206A_200D_200F_202E System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848908AAC pushad ; iretd	0_2_00007FF848908B2D
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848907BD6 push esi; ret	0_2_00007FF848907BD7
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848913C7F push eax; ret	0_2_00007FF848913C8A
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF848907567 push ebx; iretd	0_2_00007FF84890756A
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Code function: 0_2_00007FF8489000BD pushad ; iretd	0_2_00007FF8489000C1

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Memory allocated: B90000 memory reserve \| memory write watch			Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Memory allocated: 1A880000 memory reserve \| memory write watch			Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Window / User API: threadDelayed 8776			Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Window / User API: threadDelayed 1003			Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe TID: 7464	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe TID: 7464	Thread sleep time: -33204139332677172s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe TID: 7468	Thread sleep count: 8776 > 30	Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe TID: 7468	Thread sleep count: 1003 > 30	Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: MiGFg375KJ.exe, 00000000.00000002.3345987358.000000001BA20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\MiGFg375KJ.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002D43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -PING!<Xwormmm>Program Manager<Xwormmm>1654380
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002D43000.00000004.00000800.00020000.00000000.sdmp, MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002D43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>1654380
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0@
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002D43000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -PING!<Xwormmm>Program Manager<Xwormmm>1654380@
Source: MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002D43000.00000004.00000800.00020000.00000000.sdmp, MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002E0E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager2

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Queries volume information: C:\Users\user\Desktop\MiGFg375KJ.exe VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: MiGFg375KJ.exe, 00000000.00000002.3341112469.00000000009F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Source: C:\Users\user\Desktop\MiGFg375KJ.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected XWorm

Source: Yara match	File source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MiGFg375KJ.exe PID: 7292, type: MEMORYSTR

Remote Access Functionality

Yara detected XWorm

Source: Yara match	File source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: MiGFg375KJ.exe PID: 7292, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 DLL Side-Loading	2 Process Injection	1 Disable or Modify Tools	OS Credential Dumping	131 Security Software Discovery	Remote Services	11 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	141 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	141 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	13 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Software Packing	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
MiGFg375KJ.exe	57%	Virustotal		Browse
MiGFg375KJ.exe	63%	ReversingLabs	ByteCode-MSIL.Infostealer.Tinba
MiGFg375KJ.exe	100%	Avira	TR/Dropper.Gen
MiGFg375KJ.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
92.255.57.155	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
92.255.57.155	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://upx.sf.net	Amcache.hve.6.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	MiGFg375KJ.exe, 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
92.255.57.155	unknown	Russian Federation		42253	TELSPRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577164
Start date and time:	2024-12-18 08:14:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MiGFg375KJ.exe renamed because original name is a hash value
Original Sample Name:	7bd6448fe487d0b8998f8da1ea906eb43a26240e8fb47f1f56fb16d5447ec333.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@2/5@0/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 97% Number of executed functions: 142 Number of non-executed functions: 4
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.22, 20.190.181.3, 13.107.246.63, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target MiGFg375KJ.exe, PID 7292 because it is empty
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:15:11	API Interceptor	4583350x Sleep call for process: MiGFg375KJ.exe modified
02:17:05	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
92.255.57.155	anyrunsample.ps1	Get hash	malicious	Unknown	Browse	92.255.57.155/1/1.png
92.255.57.155	https://reviewgustereports.com/	Get hash	malicious	CAPTCHA Scam ClickFix, XWorm	Browse	92.255.57.155/1/1.png

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELSPRU	anyrunsample.ps1	Get hash	malicious	Unknown	Browse	92.255.57.155
	sEOELQpFOB.lnk	Get hash	malicious	RedLine	Browse	92.255.57.75
	ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk	Get hash	malicious	RedLine, SectopRAT	Browse	92.255.57.75
	fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5a.exe	Get hash	malicious	Stealc	Browse	92.255.57.89
	LXS5itpTK7.exe	Get hash	malicious	Stealc	Browse	92.255.57.89
	SEejSLAS9f.exe	Get hash	malicious	Stealc	Browse	92.255.57.89
	mMgFHz9PdG.exe	Get hash	malicious	Stealc	Browse	92.255.57.89
	vCZfRWB1kd.exe	Get hash	malicious	Stealc	Browse	92.255.57.89
	1891f566c018182f1b5826b5fe2a05d6927aff15638d2.exe	Get hash	malicious	Stealc	Browse	92.255.57.89
	EbXj93v3bO.exe	Get hash	malicious	Stealc	Browse	92.255.57.89

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MiGFg375KJ.exe_1afe68a24b8d99bf88be477644667aaf35e59d_20e48a1b_71e3644d-0fe0-4921-be54-3d0ed809074a\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.2151305720119832
Encrypted:	false
SSDEEP:	192:e9HFTAVz0nk1vaWQGlaTlgFF3WzuiF2Z24lO8n:gHFTACnk1varGQRoUzuiF2Y4lO8n
MD5:	F1ED71B9428F9BCC8F2847DA8B2B0EEA
SHA1:	5D9D3417096B661B18FAA91C56B18A995528AB4F
SHA-256:	0D62180D3E7B3C152F6F025000143D65CAA9AB0A25119EEF6A473EEEEFF4E92D
SHA-512:	4B006C1396EAC9EE7861A9DE39D850D71B003F9DD77DB239EEB218B44B79B81C87066970312449EC696A97B3315F441C24590F1C7A9050F63658A90C560FF6B1
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.8.9.7.9.8.2.0.2.4.2.5.8.4.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.8.9.7.9.8.2.0.8.5.1.9.6.1.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.1.e.3.6.4.4.d.-.0.f.e.0.-.4.9.2.1.-.b.e.5.4.-.3.d.0.e.d.8.0.9.0.7.4.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.a.0.4.6.f.4.8.-.6.a.e.5.-.4.6.2.4.-.8.3.4.d.-.9.7.2.1.8.2.1.6.8.b.7.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.M.i.G.F.g.3.7.5.K.J...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.X.C.l.i.e.n.t...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.7.c.-.0.0.0.1.-.0.0.1.4.-.7.2.b.c.-.b.5.9.1.1.c.5.1.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.e.d.f.a.a.2.0.b.a.4.e.9.a.a.d.2.e.1.1.a.c.d.c.1.f.a.0.3.f.2.d.d.0.0.0.0.0.0.0.0.!.0.0.0.0.2.5.b.f.1.e.f.6.1.8.2.d.d.5.3.3.8.8.b.2.3.3.2.b.a.f.a.d.c.5.9.2.c.9.9.8.3.e.0.f.!.M.i.G.F.g.3.7.5.K.J...e.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AFB.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 16 streams, Wed Dec 18 07:17:00 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	575244
Entropy (8bit):	3.0426730723050293
Encrypted:	false
SSDEEP:	3072:GdWyOhEKTPl+VNMZ1CCqqCP3+vqFe7CEI13cuRa4sxCt8CzjmHcSpRPvcAr:iA2KTPqwqq43QHQ3JaRxCt8CzqrHrr
MD5:	A75B0C635650215F06EBBF1ACD50C1FA
SHA1:	FB0BA9D89EC107477D58CB2379A1EECE42BDE109
SHA-256:	681BCF4A8BBCA80E8037F652924A4D97D2C5FB69114D6B3451303CCE7B5AE462
SHA-512:	B7ABB8A7A32A81F0E9970C5B6A454C74B2BE60D7B42B76FFA597B8306186B07ABDA8A26E86BB05454F8EBFF541B858D01A2339CDA618429F43F4BC5569AB392E
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... ........vbg........................H...........$....&......@... '.......?.............l.......8...........T............?..<...........`7..........L9..............................................................................eJ.......9......Lw......................T.......\|...\|vbg....:........................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C73.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8924
Entropy (8bit):	3.703491811817523
Encrypted:	false
SSDEEP:	192:R6l7wVeJ9o5J6YEItrgmfZZ+prg89b1kR7fiKHm:R6lXJSX6YEyrgmfne1i7fij
MD5:	C726DC3B42428A89BA1CF44DE8F5F0F0
SHA1:	AECAD8F4403EDBCBBD1E6AF6FC14CD4CB393E5DF
SHA-256:	78537FA8C279A3FEAD52069769DB2B60ADA51D6F9DE8817EF6F9E2933371E366
SHA-512:	9CE6E35DFAC5E187220FB753F1C2D6A4B8A50A39F3120F477154273F0865237A2FC81CC99E082B75B1C1B08A657963D0B12A2C3D0412CF501BDEDE7C3ED819EC
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.9.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CB3.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4782
Entropy (8bit):	4.468277911172693
Encrypted:	false
SSDEEP:	48:cvIwWl8zsWJg771I9aNWpW8VYwYm8M4JpcFv7Xyq8vjq1nYad:uIjfsI7987VwJOXWG1nYad
MD5:	19CE3188D1FAF7C337470BCB1549D4B6
SHA1:	F47DD7880A8B012A454923E752C4E20EBD19D985
SHA-256:	D4DD5334C5C413567667F35004A2BA5F70EF32B5E422D0AB5991CCD9ED3725FF
SHA-512:	0D79577B00EA2FC32373DE5405E12518A261F6FDBB018A169E10AE04D91CE78818A1FE6B05EA4ED701332EB1C72FF961637C9626F7D0F7E3B61380EFBC888FD6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636379" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.421623154362018
Encrypted:	false
SSDEEP:	6144:RSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNS0uhiTw:ovloTMW+EZMM6DFyg03w
MD5:	81B8C27DC7A116A5D940ABFC201126AF
SHA1:	8E136A28044668CC67F3FD52FBE06DB10216E854
SHA-256:	3ABA410A91A4F67071E238D8A3A4B5EC0AC60BCAEC368C99CCBBEFE26488D74B
SHA-512:	3CD40A91DCF054BC96607093B1565941CED19144BEFCA08BFC459CE4336E63D90A7477684AEE1E82CD8A1B4A417912C4EAA5B763F5AE7F36D7F16E0385993F07
Malicious:	false
Reputation:	low
Preview:	regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm*L\..Q................................................................................................................................................................................................................................................................................................................................................K.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	5.442060260254694
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	MiGFg375KJ.exe
File size:	172'032 bytes
MD5:	24c587128fec0ff6d2b02d8722c0c8c1
SHA1:	25bf1ef6182dd53388b2332bafadc592c9983e0f
SHA256:	7bd6448fe487d0b8998f8da1ea906eb43a26240e8fb47f1f56fb16d5447ec333
SHA512:	52a832340bae126eb8d1d6d316f3e9f741e23d73c1d1dca9cf8c096518174d14aa35d83e7e09f075de3afbe4e11bb7120020f4604de132b09590c97eeb3a6ced
SSDEEP:	3072:K2dT8eGZeApZQALXSt+b8aMOjx/S0hXAQltJmDfm0mbmKvD3+Ztm+p6OD/I:DGZeAAA9b5MOjx/S0hXAQltJmDfm0mbY
TLSH:	0EF3599D765076DFC867D872DEA81C64EA6074BB531B9203A02316EDEE4D89BCF140F2
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Pg................................. ........@.. ....................................@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x42b3fe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x675011CD [Wed Dec 4 08:24:45 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2b3a8	0x53	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2c000	0x4d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2e000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x29404	0x29600	39930a7769bf92556bcd6d79fbafdade	False	0.41033327039274925	data	5.4484487095064065	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x2c000	0x4d0	0x600	b96ace240ba3c99bbb9761e4e8dd22a1	False	0.3756510416666667	data	3.7307785693156315	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x2e000	0xc	0x200	bfe7ebb58020353c73f346783fabca80	False	0.041015625	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x2c0a0	0x244	data			0.4724137931034483
RT_MANIFEST	0x2c2e4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5469387755102041

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-18T08:15:24.714015+0100	2858800	ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:25.148514+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:25.276171+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:28.448509+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:28.448509+0100	2858801	ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:36.280440+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:36.282341+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:47.420925+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:47.423943+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:15:58.442913+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:58.633619+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:15:58.635898+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:09.701604+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:09.704808+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:14.967533+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.158142+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.379708+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.438957+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.490008+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.558777+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.579230+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.660367+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.750336+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:15.780113+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:15.973291+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:16.093047+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:16.720222+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:16.861498+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:16.911153+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:17.102121+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:17.104412+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:17.172114+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:17.265499+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:17.561297+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:18.214710+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:18.219524+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:18.451633+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:18.457419+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.058825+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.249605+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.297999+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.369426+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:19.489026+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.560556+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.940519+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:19.991847+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:20.061860+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:20.664056+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:20.742563+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:20.814055+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:20.862339+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.108710+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.122700+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.295000+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.419355+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.528276+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.633275+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.719231+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:21.752912+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:21.913088+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:22.063592+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:22.193448+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:22.833306+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:22.889463+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:23.024279+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:23.026630+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:23.215199+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:23.311295+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:23.662075+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:23.665706+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:24.061134+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:24.076634+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:24.984240+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:24.988136+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:25.175082+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.227602+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:25.374187+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.517890+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:25.564935+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.842394+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:25.844786+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:26.137839+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:26.146865+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:26.329096+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:26.331979+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:27.293948+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:27.686336+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:27.686454+0100	2858799	ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:27.732238+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:28.077832+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.109502+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:28.270761+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:28.558844+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.748999+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.940151+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:28.990280+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.059904+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.172329+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.180741+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.251124+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.273442+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.371728+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.393027+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.491370+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.512806+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:29.703682+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:29.705168+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.008897+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.044076+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.305233+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.306832+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.439464+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.441802+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:30.617946+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.752448+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:30.901440+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.133882+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.140787+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.324792+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.375740+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.560797+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.635446+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.751111+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:31.913421+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:31.926772+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.061828+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.118040+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.118221+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.193579+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.252794+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.525544+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.532468+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:32.821707+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:32.892923+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.012701+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.014299+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.203551+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.297324+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.326631+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.631071+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.729584+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:33.928838+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:33.945749+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.139997+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:35.141194+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.330812+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:35.331996+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.452540+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.614021+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:35.642453+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:35.733643+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:36.451634+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:36.466000+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:36.686669+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:36.698614+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:37.309764+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.489150+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.585903+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:37.608986+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.799843+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:37.873980+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:38.184566+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:38.233251+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:38.406061+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:38.411345+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:38.971381+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.157684+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.348580+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.368712+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:39.440046+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:39.488313+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:39.808701+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:40.762931+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:40.804865+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:40.876252+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:41.187239+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:41.207051+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:41.497996+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.023369+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.181906+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.182103+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:42.354035+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:42.401016+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:42.477902+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:43.068538+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.259428+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.553363+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.661961+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:43.817867+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.877520+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:43.972725+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:43.997886+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:44.308410+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:44.901669+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:44.908348+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:45.092770+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:45.147915+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:45.511195+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:45.535560+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:45.808070+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:45.808852+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:46.420599+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:46.421509+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:46.578744+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:46.732302+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.022334+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.203870+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.395412+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:47.723304+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:47.992683+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:48.108141+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:48.222124+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:48.233311+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:48.948369+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:48.949115+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.184141+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.201032+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.259793+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.565924+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.628243+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.699261+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.748137+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.823696+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.867858+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:49.938957+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:49.987611+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:50.058686+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:50.153467+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:50.465983+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:50.472190+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:51.105787+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.296091+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.487197+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.840102+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:51.993287+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:52.020671+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.113952+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:52.140379+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.211544+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:52.277390+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:52.663927+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.137772+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.151324+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.520465+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:53.536781+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:53.730525+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:54.389045+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:54.421955+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:54.612159+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:54.613113+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:54.803040+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.220927+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.403195+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.493071+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:55.522925+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.859063+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:55.905195+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:56.307887+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:56.315567+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:56.428679+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:56.440255+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:57.654820+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:57.789408+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:57.814026+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:57.909394+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:58.099911+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:58.193959+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:58.870098+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.104065+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.180770+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.183609+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.414685+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.419906+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.626478+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.730422+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:16:59.734510+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:16:59.749956+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:17:01.218003+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.262613+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP
2024-12-18T08:17:01.453713+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.529006+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.688053+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:01.719492+0100	2852870	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes	1	92.255.57.155	4411	192.168.2.5	49718	TCP
2024-12-18T08:17:06.936729+0100	2852923	ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)	1	192.168.2.5	49718	92.255.57.155	4411	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 08:15:13.263468027 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:13.383112907 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:13.383200884 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:13.566689968 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:13.687089920 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:24.714015007 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:24.833561897 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:25.148514032 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:25.190176010 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:25.276170969 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:25.395720959 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:28.448508978 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:28.502710104 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:35.847111940 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:35.966567039 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:36.280440092 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:36.282341003 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:36.401959896 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:46.987543106 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:47.107186079 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:47.420924902 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:47.423943043 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:47.543380976 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:58.128182888 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:58.247766972 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:58.442913055 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:58.487238884 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:58.633619070 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:15:58.635898113 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:15:58.755408049 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:09.268924952 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:09.388457060 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:09.701603889 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:09.704807997 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:09.824430943 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:14.534589052 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:14.654169083 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:14.654267073 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:14.773854017 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:14.847172976 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:14.967533112 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:14.967575073 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:14.967608929 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.087541103 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.087605953 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.158142090 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.158205986 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.263390064 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.263459921 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.379693031 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.379708052 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.424705029 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.438894987 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.438956976 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.490008116 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.533991098 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.558470011 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.558777094 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.579230070 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.627953053 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.660115004 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.660367012 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.721468925 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.721817970 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.750335932 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.779979944 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.780112982 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:15.841590881 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.899630070 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.971050978 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:15.973290920 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.092822075 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.093046904 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.212590933 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.212686062 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.332191944 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.456290960 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.575754881 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.575854063 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.695492983 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.695564032 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.720221996 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.768361092 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.861430883 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.861498117 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.911153078 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.911237001 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:16.981367111 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:16.981440067 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.030782938 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.101162910 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.102121115 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.104412079 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.172113895 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.221467018 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.265444040 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.265499115 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.363127947 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.387176037 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.387252092 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.507380009 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.557740927 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.561296940 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.681360006 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:17.681629896 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:17.801166058 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.018718958 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:18.138284922 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.214709997 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.219523907 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:18.339186907 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.451632977 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.457418919 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:18.577181101 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.577236891 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:18.697029114 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.706146955 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:18.826513052 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.826586962 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:18.946300030 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:18.946371078 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.058825016 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.058895111 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.065969944 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.066029072 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.178400040 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.178467035 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.185514927 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.249604940 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.249660969 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.297940969 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.297998905 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.369199991 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.369260073 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.369426012 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.455862999 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.461416006 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.461477995 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.484373093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.488771915 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.489026070 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.560271978 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.560555935 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.580998898 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.581468105 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.608586073 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.675399065 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.680222034 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.680514097 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.701102972 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.701220036 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.799690962 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.800175905 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.820700884 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.820846081 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.940356970 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:19.940519094 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:19.991847038 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.060054064 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.061860085 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.131623030 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.181571007 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.181879044 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.301806927 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.302017927 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.421806097 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.503261089 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.623013973 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.623078108 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.664056063 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.742511034 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.742563009 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.814054966 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.814127922 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.862273932 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.862339020 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:20.933660030 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:20.981826067 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.003026962 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.108710051 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.108769894 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.122653008 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.122699976 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.228655100 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.228725910 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.242470980 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.295000076 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.295057058 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.348176003 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.348246098 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.414690971 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.419354916 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.471473932 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.513428926 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.513564110 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.528275967 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.633132935 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.633275032 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.719230890 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.752839088 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.752912045 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:21.872425079 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.910113096 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:21.913088083 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.032587051 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.032689095 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.063591957 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.160310984 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.193356037 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.193448067 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.314714909 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.314817905 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.434284925 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.550152063 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.669645071 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.768665075 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:22.833306074 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.889388084 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:22.889462948 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.009104967 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.024279118 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.026629925 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.189713001 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.189774036 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.215198994 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.268347979 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.311242104 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.311295033 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.430845976 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.430908918 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.550396919 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.662075043 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:23.665705919 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:23.785204887 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.061134100 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.076633930 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:24.196247101 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.550338030 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:24.669946909 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.670032978 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:24.789555073 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.789622068 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:24.909171104 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.984240055 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:24.988136053 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.107810974 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.107880116 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.175081968 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.227514982 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.227602005 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.347121000 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.347218037 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.374186993 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.471479893 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.513370991 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.517889977 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.538201094 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.564934969 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.565047979 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.637478113 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.637614012 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.686084032 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.757241011 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.842394114 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:25.844785929 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:25.964816093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:26.137839079 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:26.146864891 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:26.266427040 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:26.329096079 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:26.331979036 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:26.451628923 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:26.452168941 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:26.571795940 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.253031015 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:27.293947935 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.372716904 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.372792959 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:27.492505074 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.492582083 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:27.612178087 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.612291098 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:27.686336040 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.686454058 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:27.731784105 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.732238054 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:27.806138992 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.851859093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:27.989818096 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.077831984 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.109402895 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.109502077 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.229159117 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.268690109 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.270761013 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.390280008 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.390537977 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.510052919 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.534341097 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.558844090 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.654699087 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.654778957 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.748999119 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.749078035 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.774401903 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.868707895 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.868782997 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.940150976 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.940242052 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:28.990204096 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:28.990279913 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.059904099 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.061173916 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.153559923 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.153666019 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.172328949 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.180670977 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.180741072 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.251123905 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.273241997 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.273442030 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.300359011 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.371727943 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.392971039 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.393027067 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.491369963 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.491437912 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.512559891 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.512805939 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.611004114 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.632947922 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.703681946 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.705168009 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.804554939 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.804662943 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.825649977 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.825741053 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.924204111 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:29.924290895 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:29.945291042 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.008897066 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.009145975 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.043961048 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.044075966 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.128686905 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.128890991 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.163634062 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.248552084 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.305233002 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.306832075 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.426342010 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.439464092 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.441802025 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.617398024 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.617491007 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.617945910 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.658989906 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.738013029 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.738075018 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:30.752448082 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.901364088 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:30.901439905 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.021049976 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.021183014 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.133882046 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.133965015 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.140732050 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.140786886 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.253570080 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.253635883 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.260278940 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.324791908 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.375648975 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.375740051 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.445183992 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.496148109 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.496216059 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.560796976 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.616187096 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.616311073 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.635446072 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.751111031 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.751260996 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.913305998 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.913420916 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:31.926772118 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:31.972040892 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.032998085 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.033108950 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.061827898 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.118040085 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.118221045 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.193386078 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.193578959 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.237926006 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.252794027 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.353446960 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.353609085 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.473459005 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.525543928 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.532468081 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.652023077 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.652081013 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.771661043 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.771729946 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:32.821707010 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.892832994 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:32.892923117 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.012562037 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.012701035 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.014298916 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.177414894 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.177480936 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.203551054 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.268392086 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.297251940 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.297323942 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.326631069 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.440196991 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.440274000 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.605375051 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.608459949 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.631071091 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.728244066 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.729583979 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:33.849227905 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.928838015 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:33.945749044 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:34.065502882 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:34.706607103 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:34.826226950 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:34.826282024 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:34.945919037 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:34.945993900 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:35.065632105 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.139997005 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.141194105 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:35.260706902 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.330811977 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.331995964 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:35.451482058 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.451669931 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.452539921 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:35.613337994 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.614021063 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:35.642452955 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.733567953 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.733643055 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:35.853085041 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:35.987607002 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:36.108170986 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.253830910 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:36.373363018 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.451633930 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.466000080 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:36.585858107 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.686669111 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.698613882 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:36.818322897 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.818398952 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:36.938075066 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:36.938138008 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.057909012 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.057981968 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.177659035 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.177722931 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.297916889 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.297969103 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.309763908 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.465339899 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.465399981 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.489150047 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.585113049 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.585902929 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.608985901 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.609889030 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.680105925 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.680231094 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.749280930 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.749883890 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.799843073 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.799858093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.871498108 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.873980045 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:37.991005898 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.993572950 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:37.993707895 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.061594963 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.113297939 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.113435030 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.184566021 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.233022928 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.233251095 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.353142023 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.406060934 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.411345005 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.530915022 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.534310102 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.653870106 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.653935909 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.773541927 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.847039938 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.966584921 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:38.966641903 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:38.971380949 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.129271030 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.129347086 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.157684088 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.157748938 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.248996019 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.249049902 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.277321100 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.277364969 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.348579884 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.348635912 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.368664980 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.368711948 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.396989107 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.440046072 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.488250017 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.488312960 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.587929010 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.653312922 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.656068087 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.775784969 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.805195093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.808701038 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:39.966655016 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:39.966758966 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.133212090 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.133322954 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.252842903 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.253895044 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.374006987 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.376327991 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.496467113 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.565565109 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.685158014 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.685224056 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.762931108 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.762991905 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.804810047 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.804864883 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.876251936 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.876307011 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.882498026 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.882549047 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.924802065 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:40.924866915 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:40.953859091 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.002029896 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.002088070 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.087261915 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.087333918 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.121619940 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.187238932 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.187309980 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.206984043 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.207051039 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.306919098 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.306978941 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.312716007 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.369358063 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.369424105 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.397855997 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.426567078 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.426661968 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.489129066 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.497996092 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.589298964 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.592339993 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.617674112 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.659138918 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.680303097 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.684066057 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.711870909 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.711980104 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:41.803636074 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.808527946 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.871102095 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:41.871210098 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.023369074 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.023490906 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.181905985 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.182102919 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.353219032 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.354034901 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.401015997 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.471524000 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.473970890 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.477901936 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.598742962 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.598906994 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.718437910 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:42.718498945 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:42.838007927 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.003266096 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.068537951 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.068658113 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.123004913 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.123065948 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.188338995 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.188417912 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.242634058 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.242705107 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.259428024 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.349338055 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.349427938 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.362202883 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.387423992 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.387480974 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.507033110 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.507107973 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.553363085 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.553957939 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.660151958 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.661961079 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.717209101 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.717403889 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.781564951 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.781919956 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.817867041 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.877407074 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.877520084 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.901412964 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.972724915 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.973973989 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:43.997050047 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:43.997885942 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.029030085 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.160413027 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.165627003 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.165740013 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.189788103 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.268495083 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.285320044 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.286103964 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.308409929 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.449265003 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.449904919 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.569528103 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.659621954 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:44.779301882 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.901669025 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:44.908348083 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:45.028047085 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.028106928 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:45.092770100 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.147793055 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.147914886 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:45.267541885 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.348814964 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:45.468482018 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.511194944 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.535559893 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:45.655200958 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.808069944 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.808851957 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:45.928529024 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:45.987910032 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:46.107475996 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.143749952 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:46.263387918 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.263619900 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:46.387741089 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.420598984 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.421509027 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:46.578743935 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.578841925 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:46.732301950 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.732369900 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:46.893168926 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:46.893248081 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.012844086 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.013063908 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.022334099 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.065383911 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.177179098 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.177273035 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.203870058 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.203967094 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.297487020 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.297600031 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.324081898 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.395411968 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.417294025 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.417382956 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.488075972 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.488154888 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.537051916 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.537117958 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.611274958 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.661199093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.720205069 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.723304033 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.801994085 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.802459002 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.911259890 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:47.911434889 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:47.992682934 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.000147104 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:48.105201006 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.108140945 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:48.119820118 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.222124100 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.228241920 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.233310938 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:48.352945089 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.412360907 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:48.533684969 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.536065102 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:48.655653000 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.655777931 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:48.775428057 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.948369026 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:48.949115038 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.068680048 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.081379890 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.184140921 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.184206963 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.200967073 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.201031923 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.259793043 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.259876966 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.303795099 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.303875923 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.320579052 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.375188112 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.388484001 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.388544083 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.423362970 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.508183002 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.508266926 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.565923929 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.628025055 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.628242970 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.699260950 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.747876883 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.748136997 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.823695898 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.867754936 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.867857933 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.938956976 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.939084053 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:49.987392902 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:49.987611055 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.058686018 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.153317928 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.153466940 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.178441048 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.269855022 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.273233891 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.273926020 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.393440008 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.465982914 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.472189903 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.591818094 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.591878891 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.711410999 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.711467981 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.830981016 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.866147041 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:50.985606909 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:50.985667944 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.105482101 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.105539083 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.105787039 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.159007072 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.265155077 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.265216112 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.296091080 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.388607979 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.388669968 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.416167021 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.416234970 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.487196922 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.487272978 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.535891056 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.535943985 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.607235909 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.659017086 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.709261894 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.709944010 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.727092981 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.829586029 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.829689026 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.840101957 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.971529961 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:51.993187904 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:51.993287086 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.020670891 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.112986088 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.113951921 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.140378952 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.211544037 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.211648941 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.277287006 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.277390003 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.331195116 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.397171021 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.518727064 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.638258934 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.638319969 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.663927078 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.663984060 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:52.897994995 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:52.898047924 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.137772083 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.137862921 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.138770103 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.151324034 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.151390076 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.209804058 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.209887981 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.257383108 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.257457972 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.271032095 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.329480886 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.342168093 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.417114973 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.417171955 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.520464897 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.536719084 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.536781073 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.656281948 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.727705956 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.730525017 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.847296953 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.847431898 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.849972010 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.850698948 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:53.967490911 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:53.970170021 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.081208944 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:54.200704098 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.301944017 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:54.389045000 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.421750069 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.421955109 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:54.541603088 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.612159014 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.613112926 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:54.732672930 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.732731104 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:54.803040028 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.852292061 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.852343082 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:54.971919060 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:54.971987963 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.092468977 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.092534065 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.212161064 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.212234974 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.220927000 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.268395901 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.373250961 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.373402119 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.403194904 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.403259039 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.493014097 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.493071079 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.522924900 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.523001909 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.594028950 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.594180107 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.642554045 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.645006895 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.764720917 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.800159931 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.859062910 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.904855967 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.905194998 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:55.997150898 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:55.997294903 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:56.025156975 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.095756054 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.116977930 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.117223024 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:56.236751080 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.307887077 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.315567017 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:56.428678989 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.436142921 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:56.440254927 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:56.560760975 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.222027063 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.341888905 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.341963053 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.461890936 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.503149033 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.622865915 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.625965118 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.654819965 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.768400908 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.789334059 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.789407969 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.814026117 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.908845901 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:57.909394026 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:57.936906099 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.069145918 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.069391966 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.099910975 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.161871910 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.190078974 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.193958998 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.291584969 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.313582897 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.313955069 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.433577061 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.581284046 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.701004982 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.701061010 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.820635080 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.820687056 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.870098114 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.870163918 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.942416906 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:58.942457914 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:58.990194082 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.064013958 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.064065933 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.104064941 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.104126930 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.180769920 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.180835962 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.183564901 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.183609009 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.223639965 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.294939995 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.300353050 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.300406933 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.303025007 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.414685011 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.419850111 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.419905901 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.539475918 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.610836029 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.626477957 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.730422020 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.734509945 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.746037006 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.749955893 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.844136000 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.853967905 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.854260921 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:16:59.869440079 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:16:59.973793983 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:00.784441948 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:00.903925896 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:00.903971910 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:01.023422003 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.023473978 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:01.142926931 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.142978907 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:01.218003035 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.218070984 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:01.262561083 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.262613058 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:01.337580919 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.382093906 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.453712940 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.529006004 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.529088020 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:01.688052893 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.719491959 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:01.721987963 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:06.936728954 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:07.056305885 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:07.060776949 CET	49718	4411	192.168.2.5	92.255.57.155
Dec 18, 2024 08:17:07.180444002 CET	4411	49718	92.255.57.155	192.168.2.5
Dec 18, 2024 08:17:07.633991003 CET	49718	4411	192.168.2.5	92.255.57.155

Target ID:	0
Start time:	02:15:08
Start date:	18/12/2024
Path:	C:\Users\user\Desktop\MiGFg375KJ.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\MiGFg375KJ.exe"
Imagebase:	0x540000
File size:	172'032 bytes
MD5 hash:	24C587128FEC0FF6D2B02D8722C0C8C1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000002.3343641450.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	02:17:00
Start date:	18/12/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 7292 -s 1976
Imagebase:	0x7ff62f4c0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Function 00007FF8489142B6 Relevance: .6, Instructions: 574COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01e756f0906cf166c34136f7665156ed95d7b09229d7d8df3d056f475b9e12c8
Instruction ID: 71ad8024944c72a1eb29aec7df86c462802995c9f2ff27db85ea415d2eeea619
Opcode Fuzzy Hash: 01e756f0906cf166c34136f7665156ed95d7b09229d7d8df3d056f475b9e12c8
Instruction Fuzzy Hash: 1112C530F1C94A4FF798FB2898596B976E2EF88341F5441B9D40EC72C6EE38AC468745

Function 00007FF84890EA26 Relevance: .5, Instructions: 471COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7decf2b3300533229e217ecca7285126b0ed60b17c307afec88c20f9422a70b
Instruction ID: 7fcbe0e3c18cb306eeea41016c4def79470db2df8019830fbc452925dcc8024a
Opcode Fuzzy Hash: a7decf2b3300533229e217ecca7285126b0ed60b17c307afec88c20f9422a70b
Instruction Fuzzy Hash: E8F1A43090CA8E8FEBA8EF28C8557E93BD1FB55351F04426EE84DC7295DB3499418B86

Function 00007FF84890F7D2 Relevance: .5, Instructions: 454COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96198968e548ef1c47d5e7e1399f8ff4fc315b40a9b2ec525f46df56c6d5aaae
Instruction ID: 1954e22ad58ce1c39f6aea6585e8f0e282ff974528536aa9b0f97f6b56482095
Opcode Fuzzy Hash: 96198968e548ef1c47d5e7e1399f8ff4fc315b40a9b2ec525f46df56c6d5aaae
Instruction Fuzzy Hash: 6BE1C23090CA4D8FEBA8EF28C8597E97BE1FF55351F04826ED84DC7295DB74A9408B81

Function 00007FF8489004C7 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c2f99c16caf9ca3c844ddb729f25d8a4a555c5a74fa9de147dfae82a123f83a
Instruction ID: dac50eaca19127ab47b5b088acda0fe2b9eb4e38fc0255b1dd3561f7aacf2ca2
Opcode Fuzzy Hash: 7c2f99c16caf9ca3c844ddb729f25d8a4a555c5a74fa9de147dfae82a123f83a
Instruction Fuzzy Hash: 0C51282770C6550FD3187E6DBC860E97B50EFC2276704877BD6C9CA053DE58684B8295

Function 00007FF84890201C Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b794c83042fcc831c4e2e433b5f2c0d6b7178b752f16ea1c5dedd71fbd4f250
Instruction ID: 985d808d1fca6a7bfdf1f7db7bf90649501146da6a7ab3dfaa6eb05890c7767a
Opcode Fuzzy Hash: 7b794c83042fcc831c4e2e433b5f2c0d6b7178b752f16ea1c5dedd71fbd4f250
Instruction Fuzzy Hash: 5C416D31A0CB8E4FD71EAB7488655757BA1EB86310F1582BED44BC72D7EE246807C781

Function 00007FF848900EE0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92eef5eebfb6d887da166bb51cf02bec501a5ec2e91a753ec0813d022d513796
Instruction ID: 84408ebca800aba701a30f950d0fe854e9d568e66432d3a9a270d7ccce4ef1ce
Opcode Fuzzy Hash: 92eef5eebfb6d887da166bb51cf02bec501a5ec2e91a753ec0813d022d513796
Instruction Fuzzy Hash: A311E23270C90C0F972CA96D981A5B677DAD3C7221B01833EE587C2296EE61A81342C4

Function 00007FF8489048D6 Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 741cc5b190447ccd91655ad1abb08c2d6fce0206873ff12151ae240a75a98bf9
Instruction ID: f779e88913641ae32cf37d37a624429932bee26d20a03fcb47b5d6d70e8d4cd1
Opcode Fuzzy Hash: 741cc5b190447ccd91655ad1abb08c2d6fce0206873ff12151ae240a75a98bf9
Instruction Fuzzy Hash: 5B51E122A4D7C24FD30A97785C660A57FB1DF4321071986EFC4C6CB1E7E518681AC792

Function 00007FF8489078D0 Relevance: 1.5, Strings: 1, Instructions: 202COMMON

Download Yara Rule

Strings

sBO_^, xrefs: 00007FF848907938

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: sBO_^
API String ID: 0-182594170
Opcode ID: e94bb0cb980d0e6f20eab432fc59ebfbaffb8af8d214f3b27fb5a234cc82392f
Instruction ID: 6ce14df034c7898d86561134b5b026f16b3edaed4d9cc7d97568c37d6eedd7b6
Opcode Fuzzy Hash: e94bb0cb980d0e6f20eab432fc59ebfbaffb8af8d214f3b27fb5a234cc82392f
Instruction Fuzzy Hash: 07516831A0CA0A5FD708BB78C85D1F93BD1EF96361F04067AD40AC72E6FF69A8058384

Function 00007FF848904BA6 Relevance: 1.4, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 3b1a59442403772afb63bd3fa39a25cd55acc6b49ed662e8fad7f53c1b802ba3
Instruction ID: cd11c45c5b7d9fa82bcaac847888fc4d22eb33bc2597da16f5232057f8042c66
Opcode Fuzzy Hash: 3b1a59442403772afb63bd3fa39a25cd55acc6b49ed662e8fad7f53c1b802ba3
Instruction Fuzzy Hash: 69512E2190E7C64FD3079B7858660A53FB1DF43214B1A86EFC0CACB1E7E508680BC3A6

Function 00007FF848904922 Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: fd628c393d4e2e5aa4415e8a9c89c71a11d1171b4c0b945b1194b7dc61c57f3f
Instruction ID: 4ea0933f489c45cc8fff2d587b7ffe41301576d7f04ba9e072e03eb1112bdfdd
Opcode Fuzzy Hash: fd628c393d4e2e5aa4415e8a9c89c71a11d1171b4c0b945b1194b7dc61c57f3f
Instruction Fuzzy Hash: 8451E32194D7C24FD30B9B744C664A57FB5DF4321071A86EFC4C6CB1E3E518680AC7A2

Function 00007FF848904AA2 Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 005da9cc2cb2e9c56997d4d279c264d02403abaafa3cea79d67a2e613a4cf15c
Instruction ID: 4d672f04446d89dad738bc5be9a4dbb2cdc6b6b3fac1efdcfa51add42bfd1977
Opcode Fuzzy Hash: 005da9cc2cb2e9c56997d4d279c264d02403abaafa3cea79d67a2e613a4cf15c
Instruction Fuzzy Hash: B551E32194E7C65FD30B97784C664A57FB0EE03210B1A86EBC4D6CB1E7E51C681BC7A2

Function 00007FF848904F32 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: f5b04cde9acd7fc58ca9223e7606ad3a2f11909dd4750059930c4f54a8d202d0
Instruction ID: 13d4ae632ee7d0e0ab4876d12959ad4d578ac851d93c96b926ff3542e8b947d4
Opcode Fuzzy Hash: f5b04cde9acd7fc58ca9223e7606ad3a2f11909dd4750059930c4f54a8d202d0
Instruction Fuzzy Hash: 5551132190EBC28FD35797348C654A57FF0EF43250B1985EBC0C6CB5E3E628681AC7A6

Function 00007FF848904B9A Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 7ba299b3f3cdef46217a037508ee19634f6e8a412f83c098a4cb4a285bf76f5e
Instruction ID: 9dabb41644aa8aff1d17b352b229c027c8f8103bfa79d4c9e41fd70ceb25cbfe
Opcode Fuzzy Hash: 7ba299b3f3cdef46217a037508ee19634f6e8a412f83c098a4cb4a285bf76f5e
Instruction Fuzzy Hash: A251FC2290E7C24FE30797784C660A53FB1DE43214B0A86EBC0C6CB1E7E50C690BC3A2

Function 00007FF848904FCB Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 23462dff7af0cfb51457020d9364aa5bc2f28aeb1e330fc87a0e347a34f16bd5
Instruction ID: 3837ce603e5c08b6153c15641047749934dd0db9af3cc0d5b8f7f30ada346dbb
Opcode Fuzzy Hash: 23462dff7af0cfb51457020d9364aa5bc2f28aeb1e330fc87a0e347a34f16bd5
Instruction Fuzzy Hash: E551DD2194E7C25FD30797788C664A57FB0EF43214B1A86EBC0C6CB1E7E518681AC7A2

Function 00007FF848904E54 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: d459773a82148b0b18643e78679ab74051d0670ffdef22f79bd3ecc4a6bc0b88
Instruction ID: 4e2f1e03508ad6fe8c2a3b40cdff63df73874a7bf0d4e3fe0a0d16a2384a3187
Opcode Fuzzy Hash: d459773a82148b0b18643e78679ab74051d0670ffdef22f79bd3ecc4a6bc0b88
Instruction Fuzzy Hash: 6F51D02190E7C25FD34797348C664A57FF1EF43210B1A86EBC0C6CB5E7E618681AC7A6

Function 00007FF8489049E8 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: c7d9ee90159fb095af793e7714f9d9924dd8223d961a5dff8aa8255f75b01367
Instruction ID: 829295cf5146b1da0fd3a472c5d11c3daccbd7578240cb50900a3308cd3d689b
Opcode Fuzzy Hash: c7d9ee90159fb095af793e7714f9d9924dd8223d961a5dff8aa8255f75b01367
Instruction Fuzzy Hash: D451AC2294E7C25FD30797788C664A17FF0EE4322071A86EBC4D6CB1E7E51C690AD762

Function 00007FF848904C20 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 5371f15d983f84a40713386476f59bf64771165518a88f4e030268ed3fe17647
Instruction ID: b42a2902533622ee801ffc64fbed1ad2d559e37173ffdaf32a28cc5245d26ee2
Opcode Fuzzy Hash: 5371f15d983f84a40713386476f59bf64771165518a88f4e030268ed3fe17647
Instruction Fuzzy Hash: F151CD2194E7C25FD30B97784C664A17FB0EE43210B1A86EBC0C6CB1E7E51C681BC7A2

Function 00007FF848904FB5 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 583a4d8c3a1e68a4fccd2a93b3a1ec8a022a37810e55b5ffdbef4d5c5e7ec17d
Instruction ID: d52e909cff61b6f0df4de0a2e79ee490c7dd9ceaa34a829dfbb6d303fa9cd380
Opcode Fuzzy Hash: 583a4d8c3a1e68a4fccd2a93b3a1ec8a022a37810e55b5ffdbef4d5c5e7ec17d
Instruction Fuzzy Hash: 3F51DD2194EBC25FD30797784C6A4A53FB0DE43265B1A86EBC4C6CB1E7E51C281AC762

Function 00007FF848904989 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: e5aaa82c54259f4e43761293da6d653cb17a0261101cd914c1d075095b50e61f
Instruction ID: 8ea7496758977f4b4d72db1eee5f4c440542c4a2d57cf0057728a1229fe23763
Opcode Fuzzy Hash: e5aaa82c54259f4e43761293da6d653cb17a0261101cd914c1d075095b50e61f
Instruction Fuzzy Hash: 1551DF2194E7C25FD30797788C664A57FB0EF43210B1A86EBC0C6CB1E7E51C680AC762

Function 00007FF848904AF5 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: a25a8fddcd89fa1159ce995f9408f533677fe45ba1a3d4d34f6c3b4f511bfea4
Instruction ID: 0174ba145f708b62df43dd773da94e5d1e84052afb11966236517c7256d6ecf2
Opcode Fuzzy Hash: a25a8fddcd89fa1159ce995f9408f533677fe45ba1a3d4d34f6c3b4f511bfea4
Instruction Fuzzy Hash: 0751D02194E7C25FD30797749C664A57FB0DF43210B1A86EBC0D6CB1E3E51C680AD762

Function 00007FF848904A32 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: b5c78001716cdf87a53efa13c227642501365a7be26c1c10352643ddc4befed7
Instruction ID: af212a25a570d65017d7e063826c4bb0801b1bf566711efcce10da7c7ae1350a
Opcode Fuzzy Hash: b5c78001716cdf87a53efa13c227642501365a7be26c1c10352643ddc4befed7
Instruction Fuzzy Hash: 0851CF2194E7C25FD30797748C665A57FB0EF43210B1A86EBC0D6CB1E3E61C685AC7A2

Function 00007FF848904A6A Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: e974b0d2a17a418f873f6a715dc7e69709f4bf528d6262a2f5543474672cf20b
Instruction ID: cda12c383692bb9f15f92a0327aff8cdeacce6d3e9ad386778314579a99a24e1
Opcode Fuzzy Hash: e974b0d2a17a418f873f6a715dc7e69709f4bf528d6262a2f5543474672cf20b
Instruction Fuzzy Hash: FE51CE2194E7C25FD34797788C664A57FF0DF43220B1A86EBC0C6CB1E3E518684AC7A2

Function 00007FF848904B2D Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 88aeb7108c9283373bcca4fb146e68eef4a3c64549d4ed777530aa8108b99cfd
Instruction ID: b137e984e72a8648e2dada777f9a0e4e2f6c9890c0f0dce51452cd0fdd1dd011
Opcode Fuzzy Hash: 88aeb7108c9283373bcca4fb146e68eef4a3c64549d4ed777530aa8108b99cfd
Instruction Fuzzy Hash: C151ED2194E7C25FD34797788C664A17FB0EF03210B0A86EBC0D6CB5E3E51C680AC7A2

Function 00007FF848904DA5 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: bbd8a2d979a7281664948f0a66265f97b039fb6243a311faf26d479c61e55200
Instruction ID: 76894889c7dc5b89f2a35ea3c58d3fb0a82a02cc9ce046e354ee00019f676dd0
Opcode Fuzzy Hash: bbd8a2d979a7281664948f0a66265f97b039fb6243a311faf26d479c61e55200
Instruction Fuzzy Hash: 4E51D02194E7C25FD30797748C664A57FB1DF43210B1A86EBC0D6CB1E3E51C681AC762

Function 00007FF848904D36 Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: ad971a0ff87384135370dd4d433038b0140d874ca0a61a6433864681e7302988
Instruction ID: aa9233955b4f67a48edd62b7d763cf8a706b96313bf5436e4241739ffc87ae9c
Opcode Fuzzy Hash: ad971a0ff87384135370dd4d433038b0140d874ca0a61a6433864681e7302988
Instruction Fuzzy Hash: B151DE2194E7C25FD30797788C664A57FB1DF43210B1A86EBC0D6CB1E3E51C680AC7A2

Function 00007FF848904E1C Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 8dec7aab2657662969aa4b56f3f9d1068bf9e38d9ff2371f09fc0bfee434abc2
Instruction ID: c6075fa5176a102fca78ba02c3f8a441daa86053072f023826292aa066916bfc
Opcode Fuzzy Hash: 8dec7aab2657662969aa4b56f3f9d1068bf9e38d9ff2371f09fc0bfee434abc2
Instruction Fuzzy Hash: 9151C02194E7C25FD30797748C664A57FB0EF43210B1A86EBC0C6CB1E3E51C680AC762

Function 00007FF848904E06 Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF848905101

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: c1ba1d90a801c1427ca33ede11bbb6223de2bb523564eb5d8ba0ab165c5565cc
Instruction ID: 6c706a4fe19558764343968f0c00fdbf1b3d9355e97bee87df2a724bb515a403
Opcode Fuzzy Hash: c1ba1d90a801c1427ca33ede11bbb6223de2bb523564eb5d8ba0ab165c5565cc
Instruction Fuzzy Hash: 2A51EE2190E7C24FD34797748C664A57FB1EF43210B0A86EBC0C6CB1E7E61C281AC7A2

Function 00007FF848910917 Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

d, xrefs: 00007FF84891093C

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 0bdf73268469d5834ee5abc134d0d2431ffa53918bafe90fa0a6757d1ec174e2
Instruction ID: fcf2110b21b56a19e68c8119388143a23aea698ca2cb7806bdb777f0661b8a54
Opcode Fuzzy Hash: 0bdf73268469d5834ee5abc134d0d2431ffa53918bafe90fa0a6757d1ec174e2
Instruction Fuzzy Hash: BF21F53171C9224FEB0CBA6884695BC36D6EB89741F54823DD5CBDB3E5DF2858048688

Function 00007FF848905260 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

CC, xrefs: 00007FF84890526F

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: CC
API String ID: 0-3501234288
Opcode ID: 833bf02ed062bde51d93c97a794a908f0d92f6db8574e9bb4c4befc72b472909
Instruction ID: 0178c5e6d333a873be5744a9fd8c24fe31293d53c79afbb196a2bbcba82fb893
Opcode Fuzzy Hash: 833bf02ed062bde51d93c97a794a908f0d92f6db8574e9bb4c4befc72b472909
Instruction Fuzzy Hash: D5119621F1CD469FE29CAB3C842E5357BC2FF5A782B1541BED44AD32D6EE24AC404A46

Function 00007FF848900488 Relevance: 1.3, Strings: 1, Instructions: 61COMMON

Download Yara Rule

Strings

sBO_^, xrefs: 00007FF848907938

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: sBO_^
API String ID: 0-182594170
Opcode ID: f167ac5fec11a83f64fa6617b370e461aa927f19fbb155977dede5eb7a9c0139
Instruction ID: ffd6b815d9caa1c664bceb75c6b7406bfcc1a834d22999402dbed01dbe90cfda
Opcode Fuzzy Hash: f167ac5fec11a83f64fa6617b370e461aa927f19fbb155977dede5eb7a9c0139
Instruction Fuzzy Hash: 4A115330E0DA176FE759BA2844886BA2A45EF827F5F040275D419CB2D6EF5DE8008288

Function 00007FF848909764 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

sBO_^, xrefs: 00007FF848909781

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: sBO_^
API String ID: 0-182594170
Opcode ID: 170e22e0504eabeaf560f1d9e7781ca086ef79e3953b30a875f1a212ef59b41d
Instruction ID: a5feb850c6ff32773ab2b76526751170346cd32280a369c6bc6c6c332fd7dee8
Opcode Fuzzy Hash: 170e22e0504eabeaf560f1d9e7781ca086ef79e3953b30a875f1a212ef59b41d
Instruction Fuzzy Hash: 91F0A731A8C9065FE71AFB14D4957FC3692EF82391F44063DD50AC62D2EF6C69014704

Function 00007FF84890782F Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

sBO_^, xrefs: 00007FF84890786B

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID: sBO_^
API String ID: 0-182594170
Opcode ID: 88dd45132b08d5834270c99b2752e6029fa65f1a92e4b9366ba4990b8b42d66c
Instruction ID: f926654bca6b65186f49b04112f2f06df450a99f513af680d06e6a5edf3c6ef4
Opcode Fuzzy Hash: 88dd45132b08d5834270c99b2752e6029fa65f1a92e4b9366ba4990b8b42d66c
Instruction Fuzzy Hash: 66E09A20A0D9022EF304FB38400A3BD28429F827D5F014578E00AC62D7EF2DAC92D245

Function 00007FF84890F3E6 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8632f82d32de3b5501451e2d6d359f4eba5397d7afa16666d51fe9e4039028e2
Instruction ID: cde3216afc61fac19e6afaf4a26d58e92863524a1b4f3d5e681ee85e26c8e6a6
Opcode Fuzzy Hash: 8632f82d32de3b5501451e2d6d359f4eba5397d7afa16666d51fe9e4039028e2
Instruction Fuzzy Hash: 5FB1C33090CA4D8FEB68EF2898557F93BE1FF55351F04826AE84DC7292DB7499418B82

Function 00007FF848909D0C Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95b3fc6f44469c1260dedd3fd78dc3ce10d3cf11687007dcaeb046a45ef59beb
Instruction ID: 80f49d218a37c0dadfe57d911fbee7277a0bef125ce2f1da21b349ddaf9d7926
Opcode Fuzzy Hash: 95b3fc6f44469c1260dedd3fd78dc3ce10d3cf11687007dcaeb046a45ef59beb
Instruction Fuzzy Hash: E391483090D6C68FD70BE73488556A5BFA1EF47361F0842EED04ACB2E3DA686C46C755

Function 00007FF848911DE0 Relevance: .3, Instructions: 258COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24edf054a721402281cf6d090e9967a0f25bfa25b6618ab3150b8acee6c3e4f1
Instruction ID: f930b11d3c82a40dbaa3a3f94e6822034073790563bf788a3e45a472bac88d00
Opcode Fuzzy Hash: 24edf054a721402281cf6d090e9967a0f25bfa25b6618ab3150b8acee6c3e4f1
Instruction Fuzzy Hash: 97711630E1CE4A9FF759F76898596B97FA1EF85742F0402BAC00AC3397DF2868058345

Function 00007FF848910A43 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ade204db21003323f6f39ae6d14efe33b02133981b22299a142e3e290d4fdc0
Instruction ID: 365e9d5371cb0e50353f2f30772a8a3f218ef06988272584c9f351ec2bf5b04a
Opcode Fuzzy Hash: 1ade204db21003323f6f39ae6d14efe33b02133981b22299a142e3e290d4fdc0
Instruction Fuzzy Hash: 1471F23090CA4C8FDB59EB68C8557E9BBF0FF5A311F1442AAD089D7296CA346846CB81

Function 00007FF848901494 Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49399901631c68d37f916e30a1f5a516e23471ea20c5d89b6326b1f795e4d173
Instruction ID: 278b2a4d01d9c808325f7a9afae436d842d995a20270cda9c98c0c7bd1fbc4b3
Opcode Fuzzy Hash: 49399901631c68d37f916e30a1f5a516e23471ea20c5d89b6326b1f795e4d173
Instruction Fuzzy Hash: 5E71E261E1CE875FEB4EAF3884556A5BBE1FF65340F0542BAD04AC71C7ED28A8058750

Function 00007FF848900EB8 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6800a2540767a585af596faf194695745cddc8067d39d84ff8ba68e1847e67a
Instruction ID: ef61c2d8e1c1a72e95fddfabe6c16c9820da5d809d26c6cc4ec3c49ef518b768
Opcode Fuzzy Hash: d6800a2540767a585af596faf194695745cddc8067d39d84ff8ba68e1847e67a
Instruction Fuzzy Hash: 7D51A221E2CE875FEB5DBF28845A6A9B7D1FF64340F4446BAD04FC32CAED28A4458740

Function 00007FF84890A1B8 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6945892d89d76405aacf74b473828977bc3d7cae272f358ce7f32dd594cfeaa1
Instruction ID: ed0bea632a6a9207b8b6b86d55f7122bf45f8f2f1e3bf2979c08cf5ef14710d3
Opcode Fuzzy Hash: 6945892d89d76405aacf74b473828977bc3d7cae272f358ce7f32dd594cfeaa1
Instruction Fuzzy Hash: 3A51F721F0D9490FE75DA63C582A2BD2AD1EB9A351F45027EE08AC72CBED1C5C4643C5

Function 00007FF848909970 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9920f1bfaf604d147da0d828f6c3a2fa5ed77371bf7df301963b281d2dd1eba0
Instruction ID: 931789aae1ee8a9593f8d7043901512286d1d2f1722fcc8e3a1faf5cefd8f08e
Opcode Fuzzy Hash: 9920f1bfaf604d147da0d828f6c3a2fa5ed77371bf7df301963b281d2dd1eba0
Instruction Fuzzy Hash: 5951C33090CA498FDB59EF68D8596A97BF1FF66311F0501BED04AC72A2DB38E801CB51

Function 00007FF84890A2C5 Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deef99537157517b804ecf6d78a8d17ee48d0d945ad60d440d5baa1611ef87ea
Instruction ID: 6744d731c63fb386da3dca730ca06c4df17487b08ade3c67e6f0f8d638bfd340
Opcode Fuzzy Hash: deef99537157517b804ecf6d78a8d17ee48d0d945ad60d440d5baa1611ef87ea
Instruction Fuzzy Hash: 9751A261F1CE098FE758AB2C545A2BD77D1FF99381F44467ED04AC328AEE28A8424785

Function 00007FF84890C31C Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74250abf6776859b3d076ff335e7109912b317202ea82facd83a7972d6cd9cf0
Instruction ID: 1beb3286eb03434df876cd24edb36533055df7eff41ebe20f803a2f3065ec1da
Opcode Fuzzy Hash: 74250abf6776859b3d076ff335e7109912b317202ea82facd83a7972d6cd9cf0
Instruction Fuzzy Hash: FD516230918A1C8FDB58EF58D845BE9BBF1FB59310F0482AAD04DD3256DE74A9858F81

Function 00007FF84890B593 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4456d88cb1f1a5364bc1b0574c3f4ab3d3c8bbb877a50f2d8f9bfa4323cba5de
Instruction ID: 8861d73291f596966cecfea24cfb604c3d00ba802e02e4018a01468bb293b05b
Opcode Fuzzy Hash: 4456d88cb1f1a5364bc1b0574c3f4ab3d3c8bbb877a50f2d8f9bfa4323cba5de
Instruction Fuzzy Hash: D8518130A08A1C9FDB58EF68D8857EDBBF1FF58301F14426AD04DD3256DA34A8468F81

Function 00007FF8489119DA Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52399b7b304e4544772631dabcea0db08ffa6f813ed944a3d5f635839460f61e
Instruction ID: e82907760cc7d7ebf1478228950d96c6971d1241dee58fbb6b763f8d952127c2
Opcode Fuzzy Hash: 52399b7b304e4544772631dabcea0db08ffa6f813ed944a3d5f635839460f61e
Instruction Fuzzy Hash: D1511871E0DACA5FEB09EB6488651E97FB1EF46351F0942FAC044DB2D7DA2C1806C791

Function 00007FF848912E44 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 683e32567faf40de17768ae22cba27dd5a3d779d033b8ba22e98fad4ab8d9b39
Instruction ID: aec0f1f8d9f16708c092c61f9500b94b86367b2ab9abaa9817a4f25a295e9f47
Opcode Fuzzy Hash: 683e32567faf40de17768ae22cba27dd5a3d779d033b8ba22e98fad4ab8d9b39
Instruction Fuzzy Hash: 7841F33190CB498FDB09DFA888557E9BFB1FF56320F0482ABC049C7292DB789845CB81

Function 00007FF8489124E6 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1da8797f5980116d74ea36e72caf7192a95b45be10d287f20183677a6de64d9
Instruction ID: 85af164deead147b53413da84c026a4bfe3ebc506c0a5717846e401b0107d024
Opcode Fuzzy Hash: a1da8797f5980116d74ea36e72caf7192a95b45be10d287f20183677a6de64d9
Instruction Fuzzy Hash: DF41A170A0CE098FEB4CFB58949A6BD7BE1FF58351F40042EE05BD7292CE74A8428B45

Function 00007FF8489022C5 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028378960a94e7e91164492c6298b10e0cf30a51f434bfdc63f51639557fae27
Instruction ID: a3c071eba94864e12932222848c266a44b9746d51525691bd192c7aa4bdd3bc9
Opcode Fuzzy Hash: 028378960a94e7e91164492c6298b10e0cf30a51f434bfdc63f51639557fae27
Instruction Fuzzy Hash: FF517A6140E7C24FD30B9B7488661A17FB1AF53215F1A45EBC0C6CB1E3E62CA94AC762

Function 00007FF848913912 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 642dc0dd4402be5d54aeb066cf2ccf3cf95157725bcde4c8f3266d06c8891807
Instruction ID: 0a5596c2aaab5c80dc16cb0a734462f14fb549ce29ae25e1f5010c25786cb295
Opcode Fuzzy Hash: 642dc0dd4402be5d54aeb066cf2ccf3cf95157725bcde4c8f3266d06c8891807
Instruction Fuzzy Hash: B541F471A0CE098FEB59EE2C84955A977F1FB98351F04467ED04BC7396DF38A8019B44

Function 00007FF848912380 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db72492c98a8041507f6d12c44c87bcb64d64b5e793476713a46650fdd6684f
Instruction ID: 2ac1a3cf322dd2e9d84f856144ee9e174a20634a7ec0acfe287d7c363fee5f4f
Opcode Fuzzy Hash: 6db72492c98a8041507f6d12c44c87bcb64d64b5e793476713a46650fdd6684f
Instruction Fuzzy Hash: 4031F332A0C91D4FEB6CFA68985A6FD77D5E789361F40423EE00AD72D5EE64680183C5

Function 00007FF848911A88 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1223ed981b3c3c74b5baa0e4874ee18da7e51a453f893b3c30fdd4a8010bdb5
Instruction ID: b19b5485aa5719f7317c38930255cf958a376c93d93ee69a3b51ca68a67b7d63
Opcode Fuzzy Hash: b1223ed981b3c3c74b5baa0e4874ee18da7e51a453f893b3c30fdd4a8010bdb5
Instruction Fuzzy Hash: 5D41E371E0DAC99FEB06DB64C8645E9BFB1EF46351F4901EAC044DB2A7DA2C1806C751

Function 00007FF848907D28 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 655934ccceaec601fdd00dd338df08db4ad0f706354fdfc843e6076ad6754ef9
Instruction ID: 3511cd21de6410a133221ebd3f5d398e0469094a33f5017090ee76b10f4eb20e
Opcode Fuzzy Hash: 655934ccceaec601fdd00dd338df08db4ad0f706354fdfc843e6076ad6754ef9
Instruction Fuzzy Hash: C231F26250EBC61FD31B5B784C7A0B17FA5DB4356070A42FFD086CB1E3EA09580B8396

Function 00007FF848911520 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8adf7dda2158a8907e301317240afdf6ea838bbce9e0a9fdecb6d21ab8c1ec3a
Instruction ID: ac55b78d7899e7d560919bbc24c660a1d8725ffaf4848441abc49099f952837f
Opcode Fuzzy Hash: 8adf7dda2158a8907e301317240afdf6ea838bbce9e0a9fdecb6d21ab8c1ec3a
Instruction Fuzzy Hash: AA411271C0CA889FE725EF6C98496F97FF0EF56351F0401AEC09AC7293DA246805CB56

Function 00007FF848906FB0 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30afdd0f75c3d05f5e41499833824816d2110b010ee4e8a30f2a002aff59bbbe
Instruction ID: 28ad0023ab8bd6aa55491413d5189d2c8a9ed3e713f101af72d281c71c9d0741
Opcode Fuzzy Hash: 30afdd0f75c3d05f5e41499833824816d2110b010ee4e8a30f2a002aff59bbbe
Instruction Fuzzy Hash: 55214E6260CA5A1FE32E657C6C6B4B13FD5D743671B0501BFD487C71E3ED0968034295

Function 00007FF8489073F3 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca0ca78024073676c41505ceeb904cc9af8ba57bdc2b5d1e903cde0d0769c96b
Instruction ID: df312e427fd82ef7c7a7fb78101cabf4dddbff9b0ec605c3a2b83314306a0952
Opcode Fuzzy Hash: ca0ca78024073676c41505ceeb904cc9af8ba57bdc2b5d1e903cde0d0769c96b
Instruction Fuzzy Hash: 97310C31B1C91A4FE758FB2C98495F977D2EB84362F44473AD08FC3395DE28A8428685

Function 00007FF8489004E0 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fe2f40966c0d840884073760ae7fe967b88c57b09674a3641450a2c5d1a7ba8
Instruction ID: 45e4b34a7120ff6bf3152cb2c390a0eedea0fb42d1658ae8781f0bee0c3e7359
Opcode Fuzzy Hash: 2fe2f40966c0d840884073760ae7fe967b88c57b09674a3641450a2c5d1a7ba8
Instruction Fuzzy Hash: 7B31B42B70D9564AD3157B6EB9451EC3B50EFC12767088A77D2C8CD083DE5C688E83A5

Function 00007FF848913448 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d811f6402368335ad705d295732509d9dc49d35c5e2ea099b0dd60ccc351a9d6
Instruction ID: 25b4eb038cfc5d604eb8ea0d57ccfed90d7eb3c38346ffdcbdf0dc52fceabcc6
Opcode Fuzzy Hash: d811f6402368335ad705d295732509d9dc49d35c5e2ea099b0dd60ccc351a9d6
Instruction Fuzzy Hash: 0E31F37080CB889FEB16DB6898587E97FF0EF56321F0441AFC0C9C3193DA686805CB52

Function 00007FF848901F52 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cf83a062be492734a2359359f2f4dfd4fb4221e7ad63f66f425a42a55ffc643
Instruction ID: d2b3a3b0136354620cd83384e3516ba555887f343adf6387572ca16bc70cf34b
Opcode Fuzzy Hash: 9cf83a062be492734a2359359f2f4dfd4fb4221e7ad63f66f425a42a55ffc643
Instruction Fuzzy Hash: B8316D3150DB854FE32AAB649CA44727FA2DF83361B1942FFC146CB2E3EB196845C395

Function 00007FF848910FC0 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f0933839e6538e3b1efcd83f23bf925ca4e015d3794b1a930883892dbd21367
Instruction ID: f20a7045b598a8d1b4cebd1f2d1db117009d867dc214190ec2de00cbe0e8afa0
Opcode Fuzzy Hash: 6f0933839e6538e3b1efcd83f23bf925ca4e015d3794b1a930883892dbd21367
Instruction Fuzzy Hash: 30310531B0CA1D5FDB48FB6CE8995EDBBE1FB89360F04027BD40AD7392DA2458408780

Function 00007FF848911550 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7769481c51da157452fea6b255fbb02cb580bc4b515c320b3b7685e182fc89be
Instruction ID: 450de2a8797b93ab3da8716462a96b4b5ae8646654a8f5810b813df108c5b3e9
Opcode Fuzzy Hash: 7769481c51da157452fea6b255fbb02cb580bc4b515c320b3b7685e182fc89be
Instruction Fuzzy Hash: 2B31A07190CA489FEB29EF6CD8896EABFF0EB56311F00416FD08AC3252DA746805CB55

Function 00007FF848900500 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77cd76effaf4f422d553f18261e9da8beef899b1a4b3ca578e715ee37e4ff186
Instruction ID: d954ba552f146678b264097a5256c3420dac36b7593e2eee468b90b4fec5e424
Opcode Fuzzy Hash: 77cd76effaf4f422d553f18261e9da8beef899b1a4b3ca578e715ee37e4ff186
Instruction Fuzzy Hash: 3F21D62B70D9550AD3017B2EB9461EC3B50EFC1276B084677D6C8CE083DE5C688A83A5

Function 00007FF848905E25 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab1c4e8e3e9aabd3e5ebb212274ad092b235b1fbb3169fcf3fcea7d5589093df
Instruction ID: eba900b9724e7f555e6522e0155827fcfe0cc7290fe542b0c5f7412e5b51215e
Opcode Fuzzy Hash: ab1c4e8e3e9aabd3e5ebb212274ad092b235b1fbb3169fcf3fcea7d5589093df
Instruction Fuzzy Hash: 56311671E0C98B5FEB48AB6484291BDBEA1FF46381F4401B9D105DB2CAEE3C59048796

Function 00007FF8489106C8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5612dfff1e52ee7ddd17d85c91484934934f3cee5701dc18af8a7844cbc8d67c
Instruction ID: 5c20565bf9dacb688eb2e054d7c945384d391ca453285e9dce690f87896cf4cb
Opcode Fuzzy Hash: 5612dfff1e52ee7ddd17d85c91484934934f3cee5701dc18af8a7844cbc8d67c
Instruction Fuzzy Hash: 0631D16294EBD95FE743A7B458191D97FF1EF97221B0901FBD088CA1A7DA1C080AC362

Function 00007FF848910C99 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb4102b6517e885f9444c48d61ac2247cc5b836ede1fc6a140b082c0f480b6c7
Instruction ID: 0ef95c84ec944ce459bfa296cab8783723b3fb1245ee9e960dedd212a36071a1
Opcode Fuzzy Hash: eb4102b6517e885f9444c48d61ac2247cc5b836ede1fc6a140b082c0f480b6c7
Instruction Fuzzy Hash: 4E214631D0CA8A5FE70AFB389C585B53FA1EF463A1F1802BAC045C72D6DE286845C791

Function 00007FF84891323B Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c478136c5c907d2d210229be1353b72dc2dc406e06308c79f8406347f789305
Instruction ID: 2c7bd04092f1af0a042ed16144c621922e0f54b38b6e841c7ecd7a46c6daa39d
Opcode Fuzzy Hash: 6c478136c5c907d2d210229be1353b72dc2dc406e06308c79f8406347f789305
Instruction Fuzzy Hash: 3331D53054E7CA4FE757A77488252A17FF1EF87261F0941EBC086CB293DA5C4806C362

Function 00007FF8489089B0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ca966b8fc04f9a46f073ffb9d16240ecdec53856e8e2e07625bc1b6e0427b90
Instruction ID: e5fd22045babf404f157539f846341b72f435019e9a79349facf72ac760b93cb
Opcode Fuzzy Hash: 3ca966b8fc04f9a46f073ffb9d16240ecdec53856e8e2e07625bc1b6e0427b90
Instruction Fuzzy Hash: 83210131A0DBC18FE316A6785C690647FE0DF53661B1900EBD089CB2A7EA6C4C4AC356

Function 00007FF848911814 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 464abca64d8a88661ae1c3ab440e924d964408989c01ea42e4ea0ce5e9329d24
Instruction ID: af941bbbe44ac222d4b3f3bb23b062125305c4164a218f0fd3ca7dc94731def1
Opcode Fuzzy Hash: 464abca64d8a88661ae1c3ab440e924d964408989c01ea42e4ea0ce5e9329d24
Instruction Fuzzy Hash: 4721D371E1CE0A9FE758FB28804827966D1FF58391F1495BAC45EC7297CF38A8818740

Function 00007FF848910DA9 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fac2b088a574f39ee2dee43d4a302c1a25e3603a9c93daa59beecabda04e9c7
Instruction ID: d90c0d2516142abcc45a0038ad0f78cb4a4d75ebc4f624e6b4c5da10a92de515
Opcode Fuzzy Hash: 3fac2b088a574f39ee2dee43d4a302c1a25e3603a9c93daa59beecabda04e9c7
Instruction Fuzzy Hash: CF217F20F1CD199FEB86F76C842A1787AD2FF59752B4401BAD009C3397EF28A8818701

Function 00007FF8489110FB Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e9dd2d13533b1277071af20589625b494bc940e0cb98a2c5debc02a6c2e5a5
Instruction ID: 9c5af60dfbc080072f5ff141b5554c79b052fc10fe5423423a9cc60447d27eed
Opcode Fuzzy Hash: 52e9dd2d13533b1277071af20589625b494bc940e0cb98a2c5debc02a6c2e5a5
Instruction Fuzzy Hash: 2021F330F1CD4A6FF38CFB38842D678AAD2EF58351B5406BAD40AC3397EE2898408745

Function 00007FF848908467 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0507425735346eac8aa091c9e1e2ef165c0dc3e8f6a342bd27319e94846c55ea
Instruction ID: ee2036f70a470e3027e9d4fde5cece87fa8105bfdb5d75b6cd8e347cd77e23b2
Opcode Fuzzy Hash: 0507425735346eac8aa091c9e1e2ef165c0dc3e8f6a342bd27319e94846c55ea
Instruction Fuzzy Hash: 5E119021B1C9064FF358BA3C582A27D65C3EBD8B91F594179D40ED73CAEE68AC021245

Function 00007FF848912A90 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b23b9b05aa572bb393eccff3655780ab158fbaf871e92c34f5da2e1932adeaad
Instruction ID: 206e6af6abe53d325733fc6d808a70b7774d14ebec1185b0c37642d309247703
Opcode Fuzzy Hash: b23b9b05aa572bb393eccff3655780ab158fbaf871e92c34f5da2e1932adeaad
Instruction Fuzzy Hash: 7E11A31195D6C55FE71AA7A828281A17FE4CF4726AB1800EBE4D9C62D3DD091816C3AA

Function 00007FF848900540 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07cc7fd908eb44969219a8e97d1523cbc5b0f807eaf6c21b129be807e379205c
Instruction ID: 73b495aaabd308a66eb260eaf151b3f61600508bf66ef4023e55fa387422e196
Opcode Fuzzy Hash: 07cc7fd908eb44969219a8e97d1523cbc5b0f807eaf6c21b129be807e379205c
Instruction Fuzzy Hash: F101041BB0C9890FE311762EA8460EC3F50EFC2366B0806B7D6C8CA053EE4C285A43A5

Function 00007FF84891244A Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50b7ad202d5c6da1313f9f911279f4b3e2d547b0afe57e3b587e4266af904ead
Instruction ID: 6c48193b79a82458c1781151271ae689606cfdfd094ddba3d022caab84ba83c5
Opcode Fuzzy Hash: 50b7ad202d5c6da1313f9f911279f4b3e2d547b0afe57e3b587e4266af904ead
Instruction Fuzzy Hash: 8201B932B1CD190FE74CFA7C68171FC7681E78A761B40427ED50AD77D6DE18680102C9

Function 00007FF8489031C0 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd566243c89a419f459cdc8c1ef25104b8d74fbe0225aea6d3997ceeb06e9a4f
Instruction ID: 931978df19d6e167d5d73cf083edf372db978318984961278ce68b7dbb565195
Opcode Fuzzy Hash: cd566243c89a419f459cdc8c1ef25104b8d74fbe0225aea6d3997ceeb06e9a4f
Instruction Fuzzy Hash: 2811C621A1DFC54FD767973C5825061BFF0DF57202B0945FBC4C9C35A3EA0968068386

Function 00007FF848907400 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b28c7cc15fcddba71e828ab1dfc6fff91afb35f4d782c3035eaf0178cc39bb60
Instruction ID: fb73cd182ee03ae0b4b92fcb8626335e5b520bff7ec3c312621558bd0e86b53b
Opcode Fuzzy Hash: b28c7cc15fcddba71e828ab1dfc6fff91afb35f4d782c3035eaf0178cc39bb60
Instruction Fuzzy Hash: C4010830E1C91E4FF768FA28844A5BA77A1EB85392F04463AD04FC3385DE68A8019285

Function 00007FF848909EF4 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6603e9b0d8278e46fd79263310d0124b65e57e895a1bac64fa6c296f2100e03
Instruction ID: f5d561095fc07dd56e7d43d0f161f4175f9cd7d988ce3f3e08f0c8db0f9a3e94
Opcode Fuzzy Hash: a6603e9b0d8278e46fd79263310d0124b65e57e895a1bac64fa6c296f2100e03
Instruction Fuzzy Hash: B511AF30E0C80A8FDB49EA58D448AB97BA2FB89352F14817DD10AC7394DB35A842CB40

Function 00007FF848900548 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c711b92da3e758ebf1b37a3adeccd7fc9b267312b116574e713c45a53a111c4
Instruction ID: 08f78548dffc02ef8217893288cdfdfd4bae27d3be7a24746927229f78c9ab5e
Opcode Fuzzy Hash: 1c711b92da3e758ebf1b37a3adeccd7fc9b267312b116574e713c45a53a111c4
Instruction Fuzzy Hash: E801F51BA4DA890FE311773DA8460EC3F60EFC2266B0906B7D6C8CA053EE4C685943A5

Function 00007FF848900ED8 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cff2419778966c601eafe783497e611cfd5ad1e8a26422830424874ee829ca5
Instruction ID: b350ed968ebc23261c59d5ac1539705558f2c7db8234f334ecd3873073589101
Opcode Fuzzy Hash: 7cff2419778966c601eafe783497e611cfd5ad1e8a26422830424874ee829ca5
Instruction Fuzzy Hash: A3012B3310D5090FF31CA96DAC4E4B1768AE787270761523EF146C7296FC55A8538184

Function 00007FF848900A8D Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df61fadf58079d0b861aa51cf3f650594dadb9afda8370adf5b61405b006914b
Instruction ID: 1b3469c4619ddfe2f80c5789f71a9cacdcd9b4ad159879184643444c30269009
Opcode Fuzzy Hash: df61fadf58079d0b861aa51cf3f650594dadb9afda8370adf5b61405b006914b
Instruction Fuzzy Hash: 1111D67192CB415FD748FB28804A96AB7E0FF98245F40047DE089C7296EA38A5418B42

Function 00007FF848907995 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6bd17601352fdc033df8ff7d3be6fc59897ea85c56839c434952fdd198bb30d
Instruction ID: 679924ac77dc23fbd1646c8ef01c91351e78555bc494f9f176008b0f20e7f22b
Opcode Fuzzy Hash: c6bd17601352fdc033df8ff7d3be6fc59897ea85c56839c434952fdd198bb30d
Instruction Fuzzy Hash: 1F11217194CA895FD709EB78C8AC0AD7FE1EF66310B4101BBE406C72E6EF684914C391

Function 00007FF848902BA0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3c0f6844274ea2036eec5eeca5d777d18427f128376b09eb59cb0d253647c6c
Instruction ID: 856b2bdee33b23133a814fcc6a77f0f12a89cf651a7ec9ffacd8bb5a0be1f15b
Opcode Fuzzy Hash: c3c0f6844274ea2036eec5eeca5d777d18427f128376b09eb59cb0d253647c6c
Instruction Fuzzy Hash: 3E01493250D7850FE31E9A798C598613FA6EB4326472A42AEF085CB2E7E8649C07C354

Function 00007FF848913B22 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b73a4f789d52e7a8e4b667254da4f9b1e66cbe5a27892fd81a5a3e249c3833ab
Instruction ID: be59fc78d09cdb485dd0e6344c2fe1f4e6cd9e72e240f20f9a2a6b5ca226fb8f
Opcode Fuzzy Hash: b73a4f789d52e7a8e4b667254da4f9b1e66cbe5a27892fd81a5a3e249c3833ab
Instruction Fuzzy Hash: 6811C630A1CA458FE388EF3C986923876D1FF99751F4506BEE059C73D6CF28A8418B45

Function 00007FF848909FA9 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abf914151babc3746988855bbed07667daf1add255bfb8fa3b394642f13f39b1
Instruction ID: ba23e937e7ea4d74fe3017b6f7a1d0fe77edc86e774d7c7ee5b309a5c1d9191e
Opcode Fuzzy Hash: abf914151babc3746988855bbed07667daf1add255bfb8fa3b394642f13f39b1
Instruction Fuzzy Hash: BE115130F1C80A8FDB59EA58D4489B977A2FB85352F14817DE20AC7394DB35AC42CB44

Function 00007FF84890990E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d03fb8c6203a30fd189aa7f9ca64735b787a9b45528f41f6a5b311de77cf3b07
Instruction ID: 3407978fd42f4aa31604c80e95484959cbfab1027a747cd0153b87ec246cdada
Opcode Fuzzy Hash: d03fb8c6203a30fd189aa7f9ca64735b787a9b45528f41f6a5b311de77cf3b07
Instruction Fuzzy Hash: 65012B21F0CC064BE749A66C45182B936C2DFC5791F658279D00AC72DEEE2C6C158385

Function 00007FF8489093E8 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c3f6359cd2813c9d4a5f21648e7a685f76311365da6b0d69a63f5c5d97f5728
Instruction ID: 235d9edcd192a53624edc32fe46abd24d57d55f1107374ec93071833eb6856d9
Opcode Fuzzy Hash: 2c3f6359cd2813c9d4a5f21648e7a685f76311365da6b0d69a63f5c5d97f5728
Instruction Fuzzy Hash: DBF0A022F6C9281BA62CA19D7C0A4B6BBD8E789AA6F10007FF44EC3786DD555C4241D9

Function 00007FF84890AC69 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2b7d863295534538820343613657c21fdbff1b18e14cee2fe931c2c95d40e83
Instruction ID: ac0eef5f99e64178ed9f6b94056ac09f11f68fa59151c2da7f0c9b0c1ec16e09
Opcode Fuzzy Hash: c2b7d863295534538820343613657c21fdbff1b18e14cee2fe931c2c95d40e83
Instruction Fuzzy Hash: 48F0FC3171C5194FE608AD6C8D4917976C2E7D5301F61C338D44AD73DEED389C059284

Function 00007FF848901974 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24b5ce4f575825be9e32b80a83db4f48f29cee21ea12c03bb6f3f54f688d57b7
Instruction ID: e072bba20650b58da2aef8580d6967e4702e7adac04fb6b9ebb71bf239722f47
Opcode Fuzzy Hash: 24b5ce4f575825be9e32b80a83db4f48f29cee21ea12c03bb6f3f54f688d57b7
Instruction Fuzzy Hash: B0F0C23171CA018FD30CEA28C856579B3D6FB9A30AB10567DD08BC2296EF28E502894A

Function 00007FF84890140A Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5ad3bbe4b7727f00aa22cc3b871b61e8253410b407a0fc16469a7819b2a7446
Instruction ID: 9298fc3727366d2e149414d94c7de6839110b84036b19ab7383a2316573416c4
Opcode Fuzzy Hash: f5ad3bbe4b7727f00aa22cc3b871b61e8253410b407a0fc16469a7819b2a7446
Instruction Fuzzy Hash: 4BF08232B9DA054F931C7A5CB8560B8B7C1EB46626B1002BFD14FC5192EE1AA453858D

Function 00007FF848908217 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01ab0187f3859dd32a97a327d57fc39ae86046042afcd97a7d574c1edc6a97c5
Instruction ID: 55a072b26ca0dece31f041bf15febc2c8ad364ce5f925293a8dd0c78f600fa64
Opcode Fuzzy Hash: 01ab0187f3859dd32a97a327d57fc39ae86046042afcd97a7d574c1edc6a97c5
Instruction Fuzzy Hash: EB012160E2C90A5EEB48BB78442A1FD9DA1EF56392F944479D00AD32CBEF7CA8014715

Function 00007FF84890A3A9 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31d344e9cb602db403c8f7d2259c40b0c3714fd7d02698f67268fcd4816c6bdf
Instruction ID: 1e73db5ae14080b15876152cb285b345ea7627ff886762511785ef115437ac40
Opcode Fuzzy Hash: 31d344e9cb602db403c8f7d2259c40b0c3714fd7d02698f67268fcd4816c6bdf
Instruction Fuzzy Hash: 4CF02271F0CA068FEA6CAA6C005C23D29D6EF56381F04463ED10AC32D9DF789C824688

Function 00007FF848900F70 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b221452d42e3c3c13b836f9da111f6eb5b07d4bc88908d4da1090cda81ac7bff
Instruction ID: bbcd120543d4b87116ece600a200def40e4842ac2f5b7fc4c1cbe5ed18030d97
Opcode Fuzzy Hash: b221452d42e3c3c13b836f9da111f6eb5b07d4bc88908d4da1090cda81ac7bff
Instruction Fuzzy Hash: 99F0E931F28E150BE7A8E92C9406179B3D1EB99212B00467AD85FC3354DF14B84306C5

Function 00007FF848913BF4 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1584f43d51f8e1c7b4d34b8c7596aa467492f4f60ff4b42d2c33de5317710038
Instruction ID: a0d47fb145013c9c2eecef7cdb173156d902a0daac8d907e2e1c94a44e92c21c
Opcode Fuzzy Hash: 1584f43d51f8e1c7b4d34b8c7596aa467492f4f60ff4b42d2c33de5317710038
Instruction Fuzzy Hash: 5CF0F662E1DE874FF39DEE3C049E07A6BE1EB59A8270440FEC09BC729ADD5C68054344

Function 00007FF848901307 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50ad8ac6cdf01301d3fb0a499674a57a0d158bb36be1d7d5dc27f544762446f3
Instruction ID: b66d9d279c1372cb12ae90297542919aaf4da9abf59d272cfa2baf796e293efc
Opcode Fuzzy Hash: 50ad8ac6cdf01301d3fb0a499674a57a0d158bb36be1d7d5dc27f544762446f3
Instruction Fuzzy Hash: 01F0B43171D6058FC71CEE28855547837D7E786306B60A53EE48BC76E6DE2495028545

Function 00007FF8489066F5 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3f2192627649e8f608688bb246bc2a7132dac7c0042604c75bbe0552f609226
Instruction ID: d7ec721e152a7675b8a5c2f5278f3d4b9d62c8a7fc099a62e2239dcb55896ec0
Opcode Fuzzy Hash: c3f2192627649e8f608688bb246bc2a7132dac7c0042604c75bbe0552f609226
Instruction Fuzzy Hash: 55F04F30729A094FD74CEB2C84AAA7977E1FF48745B10157CE44EC72A6DE28EC02CB85

Function 00007FF848912D51 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5024bf5e6ec3c95bbf6034cd60999d9649f2c4477682c6c59fc7fdb65a27ba1b
Instruction ID: 1bcbe9051cff318a09451a3640350d75220317190bbafc5ee0876e0b30245dfb
Opcode Fuzzy Hash: 5024bf5e6ec3c95bbf6034cd60999d9649f2c4477682c6c59fc7fdb65a27ba1b
Instruction Fuzzy Hash: 0BF0243171850A4FD308EF6DE8944D8F791F79832075586BBC408CB3AAEA79D8818780

Function 00007FF848901C2C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaf167a2ca77c667bb8ddea86de682e9abd695c2ddf6a1d2dd532ac73af869cb
Instruction ID: c944e6ce01925a22c322529d0e46a5f200d2ade51d6bc2532662f73de53cfa45
Opcode Fuzzy Hash: eaf167a2ca77c667bb8ddea86de682e9abd695c2ddf6a1d2dd532ac73af869cb
Instruction Fuzzy Hash: 8FF0F021B1C91B4BE71CED6898549B63382EB91390B04427EC11BC7689FE68F9424688

Function 00007FF84890ACF8 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89e1614661bfaef6cbc7b2ddd01202947c3ebd9d1065ffa58a0cdcb791e527f
Instruction ID: e162fd742e63f1eaeb0502162b6d1d85f478540b45b472e6dfa4e2013c8e63a6
Opcode Fuzzy Hash: f89e1614661bfaef6cbc7b2ddd01202947c3ebd9d1065ffa58a0cdcb791e527f
Instruction Fuzzy Hash: 0EF02721B0C90A4FE309AD6C8D4D17A3683E7C5302F62C739D44ADB2EAED349C0691C9

Function 00007FF848913BCC Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75f4c0d5b2a0c79ae54f6fc9a4fe67364bc51bd2d640466c8d8616f65abb74d8
Instruction ID: 1f28c48144edacf4b5ec3880b58fb520b10d72254251ec9f7ffd685398d30046
Opcode Fuzzy Hash: 75f4c0d5b2a0c79ae54f6fc9a4fe67364bc51bd2d640466c8d8616f65abb74d8
Instruction Fuzzy Hash: 9EF0E230A1C9498FF74DFE2C84C943A37E1DB9A74270040BAD58BCB3E5DE1CA8029744

Function 00007FF848902C3A Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f88032a0f6bebd1e8ab9517aeeb4ae7a08ef0eed1c861ad5afa73baedb695e24
Instruction ID: d65257634e00c9b34e832d76caec96992129c93ae49cabfff2b4c3616d532a07
Opcode Fuzzy Hash: f88032a0f6bebd1e8ab9517aeeb4ae7a08ef0eed1c861ad5afa73baedb695e24
Instruction Fuzzy Hash: FBF0A73320D6064FE70DBE2888594283657EBC6311775923EE543EB2E6DD38E8068544

Function 00007FF848914199 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa45a5875b9fa6adda279da6cafb0b3607b75d823b5cad4e0cee1c6e3c8e6556
Instruction ID: 6f777d1371da6b4f8326eebbd4c2cf9c52abcac4427a3e21525d77be9ae67cfa
Opcode Fuzzy Hash: aa45a5875b9fa6adda279da6cafb0b3607b75d823b5cad4e0cee1c6e3c8e6556
Instruction Fuzzy Hash: A6F0582144F3C95FC713A7756C25485BFB0EE43210B4E02EBD080CB0A3D61C089DC7A2

Function 00007FF84891331E Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ff63ce67349c8fc1bdd64f6a2259ecd522980491d37807c299385eded9d15d
Instruction ID: 308b123b46cd4faf5bd1a003d3b26fd7b9c2f7b6a666a90504f9716d3e097147
Opcode Fuzzy Hash: e0ff63ce67349c8fc1bdd64f6a2259ecd522980491d37807c299385eded9d15d
Instruction Fuzzy Hash: 8CF08C31B0C9064FF72CB51888661BC6696EB883A2F54963EC98BC63D1DE5CA9065289

Function 00007FF848912E14 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbb838dc7696de4a3e87a830b7e5911395e74857b025f4c5f1a24108e53fb5de
Instruction ID: bf6ee1b4ec5784b9d4a8bf02786e608df296dce94ff99e761814a542c9d7a7ab
Opcode Fuzzy Hash: cbb838dc7696de4a3e87a830b7e5911395e74857b025f4c5f1a24108e53fb5de
Instruction Fuzzy Hash: 46F0E23171C80A4FF71CFD6C88994B52A86D7E8392B224539C409CB3D5EF68E8064248

Function 00007FF848909661 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eca1b624904ec49964cbfb2cbd8081a55d42ae659c377473c52aa2df8ab3239
Instruction ID: 518349f0845d9b450327cda38387094d22d202ed8ab5419fddd9eb5a44f3156d
Opcode Fuzzy Hash: 0eca1b624904ec49964cbfb2cbd8081a55d42ae659c377473c52aa2df8ab3239
Instruction Fuzzy Hash: 92F03170E0850A8FDB48DFA5C4455AEB7F1EB58351F51852DD515E7284DB78AA008B50

Function 00007FF84890B11F Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba548bcce4e5d51a98550112aba8ffd19abcbfd19f2d5653da7fb86f7d098d88
Instruction ID: d89977c74dbd1c3495355ab344d82c3b9c2679b520cdf944f2c654ed73fa6d91
Opcode Fuzzy Hash: ba548bcce4e5d51a98550112aba8ffd19abcbfd19f2d5653da7fb86f7d098d88
Instruction Fuzzy Hash: 14F06D20F0D90E4FE684BAB8081D27975D2EB8A652F20407AD50FC3796FE5C98826246

Function 00007FF848900578 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4adcf9fc73eeed777cf3f11c670f1e938bd08152a07eeddb7f559919b3cc3bff
Instruction ID: 30e63c0375720da664379fae15dee68369a8f3d8c44ff3ac397bb6cabbb356cd
Opcode Fuzzy Hash: 4adcf9fc73eeed777cf3f11c670f1e938bd08152a07eeddb7f559919b3cc3bff
Instruction Fuzzy Hash: 1DF0821294DAC51EE722372958560F87F20EF83259F0901F7D5CCCA093EE1C28588356

Function 00007FF8489125D0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6795fb8ea591cf2e98e60da79ab602cd39fb7e283bc0f73f2cd1b2d4dacfbef9
Instruction ID: 360dbd31ad5c24b63579b29f94b6655a5b23e1ea313f6f6ff4308951c7040152
Opcode Fuzzy Hash: 6795fb8ea591cf2e98e60da79ab602cd39fb7e283bc0f73f2cd1b2d4dacfbef9
Instruction Fuzzy Hash: 80F08212E1C9469FE64CF5F4047D0785857EF6A682F55407AD10AC62D7DD5858024605

Function 00007FF848913130 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff993657142ea5ddbeadc3304d233d0d261886d4477f2b57197b3186026a0375
Instruction ID: ef0a9ef5855a1f2876e26f40e3632f86780044d1c12979120daea004af2c240f
Opcode Fuzzy Hash: ff993657142ea5ddbeadc3304d233d0d261886d4477f2b57197b3186026a0375
Instruction Fuzzy Hash: F2F0553230C9128BE30CFE2E8C96079B29BEBD4320F20433DA047CB7E2DDAC28024244

Function 00007FF84891118F Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60495a7fddadb1724c8ff2e35bdabfa395b484f4078c9fdccf5e53a95fa6a133
Instruction ID: 2be00c25a9b62ed4ae0a434a249bc835a2b97951aeb48427483ac4d6fa151f37
Opcode Fuzzy Hash: 60495a7fddadb1724c8ff2e35bdabfa395b484f4078c9fdccf5e53a95fa6a133
Instruction Fuzzy Hash: B0F0A732F0C5065FF71CBE58A8584797B62DB44361B154779C407D73D2DF69A8808685

Function 00007FF84890AE25 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04c5052cfabb94d6aecf92ad8140188c6455c15769ce425fe6ea2f4beb2f0ab9
Instruction ID: 1286a3ff51b30b1bd8420dba227a7027cc7b141291708caddba29f3b20f464f1
Opcode Fuzzy Hash: 04c5052cfabb94d6aecf92ad8140188c6455c15769ce425fe6ea2f4beb2f0ab9
Instruction Fuzzy Hash: 81E02220B0C90E4FE648BAEC6856278BBC1DB48781F11813AC90DCB2C7EE28584112C6

Function 00007FF84890139A Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01259bba0074536fd3c458ddcbe97ccab7e7ad3f3f337b6d8d86443bfc22fb83
Instruction ID: c689686ffb6333cbe063848fe7c679b1612ca18770ae1146dfd4c32c99bd8b3c
Opcode Fuzzy Hash: 01259bba0074536fd3c458ddcbe97ccab7e7ad3f3f337b6d8d86443bfc22fb83
Instruction Fuzzy Hash: 89E06562D1DF425EE29DAA2C581D1397AD2EB56B42F44217DD44AC3683EE186802464A

Function 00007FF8489103EA Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 552ec5d946f0463ec55c39acf60dfdacbb88bfba7935853deb814096ed25ce41
Instruction ID: 1b21b09040eb450469ae4b8e044a96489a29c3cf80fe9f77546dc51d63edaf67
Opcode Fuzzy Hash: 552ec5d946f0463ec55c39acf60dfdacbb88bfba7935853deb814096ed25ce41
Instruction Fuzzy Hash: A6E01A22E1CD695AEB50B6AC68291ECBBA0FF49AA5F4400B7D50DE3286DE1868414296

Function 00007FF848907F41 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 362e3d3baa3e0e820b3a2d22fc9ab96a3b248ae951349e7ab4cc6ade9c4dcee4
Instruction ID: 250e097349c9e260c9df642f96ebc1082026bcb533b9d5c32a530c4fadc76696
Opcode Fuzzy Hash: 362e3d3baa3e0e820b3a2d22fc9ab96a3b248ae951349e7ab4cc6ade9c4dcee4
Instruction Fuzzy Hash: 43E02B11E1CA891FDB497A7C88165343AC6DB4B651F140478D10EC32C3EE146C454246

Function 00007FF8489103CE Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6eda78e261ff9459a865f55fb68fdf05d7b051ea37039d8acdb532e0a0a6ea87
Instruction ID: 2447d858f206717ad27b43039d347a1e970a74d3494f6a8d01573c89866f6e95
Opcode Fuzzy Hash: 6eda78e261ff9459a865f55fb68fdf05d7b051ea37039d8acdb532e0a0a6ea87
Instruction Fuzzy Hash: 31E0D83764C8094FE71CBD1048AA4B97286E785362B26827FC803D33E0DD5868010284

Function 00007FF848911F76 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae379e7f34699e3eaa5041bd9c03ef2acbed502acf5622a1f8d8ef3521dba7a1
Instruction ID: 000c2df6378e0001b502bd3dcd2d665886a5cff13befd057beb7cc06787aed08
Opcode Fuzzy Hash: ae379e7f34699e3eaa5041bd9c03ef2acbed502acf5622a1f8d8ef3521dba7a1
Instruction Fuzzy Hash: A8E092317188064FD70CFA2884A95BA37D7D794351B5A863BD80BC77A5CA689D414200

Function 00007FF8489098DE Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d2cb326273c6dc696670296723d8ea03231036adcf93956fb16aaf5c5e8f827
Instruction ID: 11d6aa7118deea0e48261d107ef7686b956bb11f9344035bc874a502bf1d28a4
Opcode Fuzzy Hash: 2d2cb326273c6dc696670296723d8ea03231036adcf93956fb16aaf5c5e8f827
Instruction Fuzzy Hash: 0DE09B32B0C5054FD34D7528454A1A576479BC1751B15C279C506CB3DDED3494054644

Function 00007FF8489090E0 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9f4a5be1654e3a42185fb4900dc6127e1190725be29246331023bd809b4e9a5
Instruction ID: b282543b83de60f87bf8e576e7c29d71230d76bd4300fb2a346b679b8cbe031a
Opcode Fuzzy Hash: e9f4a5be1654e3a42185fb4900dc6127e1190725be29246331023bd809b4e9a5
Instruction Fuzzy Hash: CFE0DF31B088024BD70CB62CCD8A4A977D2E7C9321F50C326D802CB2D9EA389A5983C5

Function 00007FF848902420 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26a8c71740a82acfcae7d9ac14d69ec6d79c8037c486e5c094dc7579d3ca067e
Instruction ID: 70b38108d1e227d6f2259f018d5da5d09aae9ea998f3d32523bbc9f8be6bd284
Opcode Fuzzy Hash: 26a8c71740a82acfcae7d9ac14d69ec6d79c8037c486e5c094dc7579d3ca067e
Instruction Fuzzy Hash: 38E0DF7162CA004FD24CDE2CC85102A77E2EB8A200F00593EE0D3C72A5DA24F8028F02

Function 00007FF84890B05D Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc2a41b70f1d51c68f44e0fff3b5e2f33d258fdb647e2442d326b75c2c258065
Instruction ID: ce39d776532c558e00378910f0cc57c8713bee14024656240097ac11487ec0d9
Opcode Fuzzy Hash: bc2a41b70f1d51c68f44e0fff3b5e2f33d258fdb647e2442d326b75c2c258065
Instruction Fuzzy Hash: 7EE02012B2C40A9FF6583BB8C41B3BC74C1EF153C0F804139A608C72C7DE4C98001156

Function 00007FF84890856C Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f5279153b33c1709e27374ef89ded55134c050a5cf89338143496f8b31c5abd
Instruction ID: 773fd5bd5076dccc287d0206ff69ed87747f693c8ccf4edb6868400d91f71147
Opcode Fuzzy Hash: 9f5279153b33c1709e27374ef89ded55134c050a5cf89338143496f8b31c5abd
Instruction Fuzzy Hash: 50E0C212F1CD026BE26C7A7C286927C1983EB952E1B65863AC008D72D5ED78940223C5

Function 00007FF848912FE9 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 992699d8757dd61da728ea437d78a90142cf1d8d72412c739e45843b345adefe
Instruction ID: 5af7115e6abda8bd2bdaca68a3b0dd0132eec61e390f35976d1530f56d629fe1
Opcode Fuzzy Hash: 992699d8757dd61da728ea437d78a90142cf1d8d72412c739e45843b345adefe
Instruction Fuzzy Hash: 54E0CD30B544464BD70CF91CCD454A573D7E3C4321794C366C413C73DDD939966586C5

Function 00007FF848902471 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 974fbb5c21d288b9079c5becd61034ead01ecc35083075e4fd6ede8684d3b38f
Instruction ID: 317845bab9a299e650e4459b589446fcbdff238de85254907795c7ca466f66f3
Opcode Fuzzy Hash: 974fbb5c21d288b9079c5becd61034ead01ecc35083075e4fd6ede8684d3b38f
Instruction Fuzzy Hash: 1AE0923060CA05CFD319AA11C049567B7E2FF92345F204878E08B8B791EF38F542C745

Function 00007FF848913F0C Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d528c3f06f8d31ce8540b7c8531ca771b392d9ad2f9d259907ee169877c493
Instruction ID: fe8ca46eebf527fc5ce63010be8d18e6b2be7b48214c3b73b44c6df5b2fb415f
Opcode Fuzzy Hash: 92d528c3f06f8d31ce8540b7c8531ca771b392d9ad2f9d259907ee169877c493
Instruction Fuzzy Hash: FFE0EC31B0CD189FDB8CFB788469A687BF5EB5974171144BDD10AC72A2DE38D8059F04

Function 00007FF84890AE78 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa57a6c07fabcec67df229f988c2c6531337ef06fcaf5c86c285847360ab2131
Instruction ID: 34995f76f3e8ce875a264fc355ff39d150f1ac31166cd80e1153649d1855e688
Opcode Fuzzy Hash: fa57a6c07fabcec67df229f988c2c6531337ef06fcaf5c86c285847360ab2131
Instruction Fuzzy Hash: 17D02B10B1C90D4FF6047E6C4D562B875C1FB58701F604138A60DC72DBED1C6C00214A

Function 00007FF8489027FE Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8adeb9dc5f79ca4319aebb9bf3b3a91d5a8f5f923f7879eabf7ee633d887a3e
Instruction ID: 48fd773d83165785cfec2ed2827283286373a70cca6bd79cd99ee029353aaa33
Opcode Fuzzy Hash: e8adeb9dc5f79ca4319aebb9bf3b3a91d5a8f5f923f7879eabf7ee633d887a3e
Instruction Fuzzy Hash: A6E08C32908A449FE359FA24C4845AA77A2FF9638AF10053CE0CBC7382EF35B906C700

Function 00007FF84890A3E1 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e90a59ffb1af013e340f04fd76f1d20b8571f42fa40c44eeb4065bba82a938a
Instruction ID: a3df5604009f43cdd629c9037885e3953ad827f91e040c2f629258286b22bebc
Opcode Fuzzy Hash: 9e90a59ffb1af013e340f04fd76f1d20b8571f42fa40c44eeb4065bba82a938a
Instruction Fuzzy Hash: 84D012757656198FC24EEA5C94ED12877E1EB5C712380443EC54AC32A5CF6458429B50

Function 00007FF84890852D Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a01772ce7c78c12ebe4bc0180a10afb87cfda103bb4abdca5b7cc0fad2f6b61
Instruction ID: 41793bcfe95b255be1fcbc3a334758b7004feddc4036cc3c8fe277c7be2d042d
Opcode Fuzzy Hash: 3a01772ce7c78c12ebe4bc0180a10afb87cfda103bb4abdca5b7cc0fad2f6b61
Instruction Fuzzy Hash: 68D05B2075D9115BF7483E6C441D33D39D6DB98781F10813E9009D32D9CD64DC015397

Function 00007FF848902ED8 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 203af5192f959b284e9e82b398372d85b3703792569a9e03874fb6b126d06a05
Instruction ID: 02b4ccd00e9fb19aa2111393ba940a790d394b86320580cc18597abf46db48da
Opcode Fuzzy Hash: 203af5192f959b284e9e82b398372d85b3703792569a9e03874fb6b126d06a05
Instruction Fuzzy Hash: C5E08C3185CE029FD2B9BA3080011697BA2FF42286F50443DC08BC3692EF34B802C644

Function 00007FF848902262 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58051217eb1bd3d0bdabb35658ee2a2ff0e7a3a00fecbf47c1f2c0ae2ba4dd9b
Instruction ID: b6cd44c78a001f455d7b8d44668dcd226d3a57d63fb90e56c2a9ee36d7fc66b0
Opcode Fuzzy Hash: 58051217eb1bd3d0bdabb35658ee2a2ff0e7a3a00fecbf47c1f2c0ae2ba4dd9b
Instruction Fuzzy Hash: 5CD0C230A1C3118ED30CDA19809603A77E0EF4A642F10947EB2C2C1261CE35B0028E02

Function 00007FF84890AD7A Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d20763b3c7995cb8a5dda0a1dd77e6675dc74ae6f9bc86000d7847fcaecb1cc
Instruction ID: bf39d8a5c2fab8fdeb29a7a015cd4d73a3c0ee25e9d90b5a230f9a0afc6f74a3
Opcode Fuzzy Hash: 3d20763b3c7995cb8a5dda0a1dd77e6675dc74ae6f9bc86000d7847fcaecb1cc
Instruction Fuzzy Hash: BFD0A70076C90A4FF70C7ADC486673D76C1EB58600F60833DD50ECB3CADE596C05529A

Function 00007FF8489027B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c11d6845edf0a1d893cee8413bd930cf479955aefcfa3abb255467047645bd
Instruction ID: db46afa2ced256ae20753f3bb28d3c1906f40384250e00f0cca75fec9fc2e95a
Opcode Fuzzy Hash: 41c11d6845edf0a1d893cee8413bd930cf479955aefcfa3abb255467047645bd
Instruction Fuzzy Hash: 61E08C7161C3814FC35DEE1884D146ABAA4AB12381F9054BEF183CB292EA24E5048B95

Function 00007FF848907F10 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6974c315bb3852fa55c75a9880efc19b0b58f314f43d65b0ea90272f07eec3b
Instruction ID: dd39e3345dbc83b1149619175e87d4b54d5d225d81f726d4af0329e849b20a9d
Opcode Fuzzy Hash: c6974c315bb3852fa55c75a9880efc19b0b58f314f43d65b0ea90272f07eec3b
Instruction Fuzzy Hash: 95D0A70077CE491FE18CBA68001A23575CADB1A615F50543DD20EC21D7FF0958420185

Function 00007FF84890273E Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ccff2ec907c3903f94656f8fb428cd5d0d0e7b854063094db70653a89205552
Instruction ID: 4d3a33f571e207e5f56ae642995e3500be7efa85b5651baf5d34ee333bb5bc70
Opcode Fuzzy Hash: 6ccff2ec907c3903f94656f8fb428cd5d0d0e7b854063094db70653a89205552
Instruction Fuzzy Hash: D6D0A77074DA445FD31C3198A8021783591DF07346B5400FDD18EC2342C92889864BC5

Function 00007FF84890A375 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3e54a9c41b1732b917723ff13a8e1a197c000247779127dd3d5a975a96ced24
Instruction ID: b7d6107041f314ee9e093a1717babfa746adcd6435ffd9261ec0307d9037585b
Opcode Fuzzy Hash: a3e54a9c41b1732b917723ff13a8e1a197c000247779127dd3d5a975a96ced24
Instruction Fuzzy Hash: AFD0A73434C6090FE25CA51880E15311192EF4EB00F30903DD28BC73D7CE281C420659

Function 00007FF84890A41C Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5c6799db14f34c09e134e390124928d393adfd6a0bced81022624f6cb9643a2
Instruction ID: ca3e0a8787453fa4c6173ec34ba598610971cb05e739880a7430464d87ba3b2f
Opcode Fuzzy Hash: c5c6799db14f34c09e134e390124928d393adfd6a0bced81022624f6cb9643a2
Instruction Fuzzy Hash: F7D0A73074C6454FF34CD51C85A15322192EF4EB00F30953CE246C73D6C92D5C414548

Function 00007FF84891317C Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 866f77332ae3a636dfd7cc61ccfab8c51f105036a9de5345f47299ed2a1da963
Instruction ID: 57989ea303cc140edb8fc818a77460980311a09850dc9d5be4b8ba7aeaf493d2
Opcode Fuzzy Hash: 866f77332ae3a636dfd7cc61ccfab8c51f105036a9de5345f47299ed2a1da963
Instruction Fuzzy Hash: CBC0120161D8015AF505756C6D0A37D2ADB9784651F21513AA14AC72D6DE699502104A

Function 00007FF84890ADFB Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f45cb2f9a736f65fe75bcdab84204b056000285a52133a7810fbe2809785ddb5
Instruction ID: 786312cc4c415a10b2144fbcada844a244f2e42947de8396dc0a8a58299030e5
Opcode Fuzzy Hash: f45cb2f9a736f65fe75bcdab84204b056000285a52133a7810fbe2809785ddb5
Instruction Fuzzy Hash: 40C08001B1C51D0FF584796C090D2796CC5E74D742F155175E74DD32D7FD445C4161C9

Function 00007FF8489029B7 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73069330581a06bc614e8f26f24ead2cbddb0f997dfa02d29ec068c582148c20
Instruction ID: 0bebe2826dfe845e607dba9ce06e90ff43ff308106bbac144f41bcee9d3c578b
Opcode Fuzzy Hash: 73069330581a06bc614e8f26f24ead2cbddb0f997dfa02d29ec068c582148c20
Instruction Fuzzy Hash: 97D0A73050DB054FD35EF624D5916B63B65AB017C2F10146DD053CA9D3E910B4068701

Function 00007FF8489085A6 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195239acfdee847bdec91043e94544abfea289b109cd463e531a240ed3e6bf86
Instruction ID: 20752095381b79147a619655807853f3a86d404c83e45555267bc178c37f02a9
Opcode Fuzzy Hash: 195239acfdee847bdec91043e94544abfea289b109cd463e531a240ed3e6bf86
Instruction Fuzzy Hash: 82C01211F4C90AAED654AB7404151AC6D866B89990F650839C00EDB6C5EE3894024219

Function 00007FF848912647 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8bef09a2aa0a727c58c8f55190f6a2ddfe045bd4708b04a43d1eadfe3d8997f
Instruction ID: 48ca16a9232ca4b4370e819390df987f484f24c2aad16b90ff128003fa2a9316
Opcode Fuzzy Hash: f8bef09a2aa0a727c58c8f55190f6a2ddfe045bd4708b04a43d1eadfe3d8997f
Instruction Fuzzy Hash: D1D022303082008FC20CDD3884E41103123F70A322F24822DE12BC73C0CF7888028A04

Function 00007FF84890A4F4 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f59ceeb21aa2bd6eb0ad0b2b25c1e4c4f8a165a11c212d14bcf6ae17c0b39de
Instruction ID: 35647119b42b565bbc3e4c29336274188a28d0cf20e85ebd3f262d283dd3c1b7
Opcode Fuzzy Hash: 6f59ceeb21aa2bd6eb0ad0b2b25c1e4c4f8a165a11c212d14bcf6ae17c0b39de
Instruction Fuzzy Hash: 14D02230B086014FC68C3AF900EA12878E1BF05221BA0823FC31BC32E3EB2D64020385

Function 00007FF84890ADD7 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e204d8dbac44a4e1bdd1ff93c7846bc3f217be0faf25266977c0e17220586d
Instruction ID: 067c07a5a19bda671184c662657cfbf22042c514788b52cb09f134a71b51a30d
Opcode Fuzzy Hash: f5e204d8dbac44a4e1bdd1ff93c7846bc3f217be0faf25266977c0e17220586d
Instruction Fuzzy Hash: 87C08C0070DA094FE204B9A8081A26865CA9789605F218036864AD72C2ED149C0022CA

Function 00007FF848901158 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4d49a8027841467ca8b7f18761e9bd3a94633a6b5ae172823962f3ef00cacf
Instruction ID: c4ab5bfe13bf285d99ea10b746eda83bf448da1321bb71b4ddae30d3827ce455
Opcode Fuzzy Hash: 6b4d49a8027841467ca8b7f18761e9bd3a94633a6b5ae172823962f3ef00cacf
Instruction Fuzzy Hash: 7DB01230C6BA0745DA39323208460A578B1EF06285FF009F8D50A8018DE9AF90D5C243

Function 00007FF848907C31 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6db604aa466f3a838e0df5a35b54776f976378ecd44b46c0b2c79a16ad145e73
Instruction ID: 0aac820af79fee2510ec9b587ca78e86e7f150b0a0be5b611720c0325870c468
Opcode Fuzzy Hash: 6db604aa466f3a838e0df5a35b54776f976378ecd44b46c0b2c79a16ad145e73
Instruction Fuzzy Hash: 15C08032A08405DB850CE978445407C77175FCA370B3F032DC425BB1E1CE105C404658

Non-executed Functions

Function 00007FF8489010A8 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 721dea6e45cb7a077b5cfb861aeb2111b3917d3a19bf9cbb1110a220a11d9152
Instruction ID: 7139dc6f22fe8806aea7f51ff1e17101888e9cacef4ccc672ad4ef2b371bb6d9
Opcode Fuzzy Hash: 721dea6e45cb7a077b5cfb861aeb2111b3917d3a19bf9cbb1110a220a11d9152
Instruction Fuzzy Hash: BC514E33A0DA965FD319FF3CA8554F53F90EF83266B0941BBD185CB093EA1468468395

Function 00007FF848904797 Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3b8c71ff52675ae2a999e09c71ccdf49cc4d35ce84e14658c5ed033819f35b6
Instruction ID: 16263a7d4c1eb57a346f7d151fc7f08a17ad6de208a65b86d970405509bfcc60
Opcode Fuzzy Hash: e3b8c71ff52675ae2a999e09c71ccdf49cc4d35ce84e14658c5ed033819f35b6
Instruction Fuzzy Hash: 94416C3160D7C90FD30EAA384C9A476BFA5DB83225B1582BFD5C7CB1A3EE1458078382

Function 00007FF848910847 Relevance: .1, Instructions: 134COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c84fff1a3f481641faba32cea3192547bbeb81ec929212c52aed5d6604cc9d6
Instruction ID: 0384d1f044715e5278d53f570b8310e29bd6022112b3e9ae0804e6f6f7cc8b13
Opcode Fuzzy Hash: 1c84fff1a3f481641faba32cea3192547bbeb81ec929212c52aed5d6604cc9d6
Instruction Fuzzy Hash: 04414B3164D7A50FD71BDA7888640963FF5EB87720B1982EBD486CF2A7D9194809C7C1

Function 00007FF8489005C1 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3346668692.00007FF848900000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848900000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848900000_MiGFg375KJ.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4661e79a5ee768bba3c90510bd943450890d5b3f2c8f9ffbbe34668a3afd2ebb
Instruction ID: df16edf4665bec53334ced7348cc56aee89df42f33ec148f5837c353b0b87245
Opcode Fuzzy Hash: 4661e79a5ee768bba3c90510bd943450890d5b3f2c8f9ffbbe34668a3afd2ebb
Instruction Fuzzy Hash: F5114872A1C3980FD32CAD654CCF433FB59E787214B02837EDAC6C2592EF2498138281

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MiGFg375KJ.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Xworm

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_MiGFg375KJ.exe_1afe68a24b8d99bf88be477644667aaf35e59d_20e48a1b_71e3644d-0fe0-4921-be54-3d0ed809074a\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2AFB.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C73.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2CB3.tmp.xml

C:\Windows\appcompat\Programs\Amcache.hve

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
MiGFg375KJ.exe